Sign-up

ID

VAR-202010-1079


CVE

CVE-2018-4339


TITLE

iOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016510

DESCRIPTION

This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Trust: 2.52

sources: NVD: CVE-2018-4339 // JVNDB: JVNDB-2018-016510 // JVNDB: JVNDB-2018-008908 // VULHUB: VHN-134370 // VULMON: CVE-2018-4339

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:12.1

Trust: 1.0

vendor:アップルmodel:iosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:iosscope:ltversion:12.1 less than (iphone 5s or later )

Trust: 0.8

vendor:アップルmodel:iosscope:ltversion:12.1 less than (ipad air or later )

Trust: 0.8

vendor:アップルmodel:iosscope:ltversion:12.1 less than (ipod touch no. 6 generation )

Trust: 0.8

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

sources: JVNDB: JVNDB-2018-016510 // JVNDB: JVNDB-2018-008908 // NVD: CVE-2018-4339

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4339
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4339
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1527
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134370
value: LOW

Trust: 0.1

VULMON: CVE-2018-4339
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-4339
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134370
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4339
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-4339
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-134370 // VULMON: CVE-2018-4339 // JVNDB: JVNDB-2018-016510 // CNNVD: CNNVD-202010-1527 // NVD: CVE-2018-4339

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2018-016510 // NVD: CVE-2018-4339

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1527

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1527

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:HT209192 Apple  Security updateurl:https://support.apple.com/en-us/HT209192
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:Apple iOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131784
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-016510 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-202010-1527

EXTERNAL IDS
db:NVDid:CVE-2018-4339
Trust: 2.6
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-016510
Trust: 0.8
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:CNNVDid:CNNVD-202010-1527
Trust: 0.7
db:CNVDid:CNVD-2020-65937
Trust: 0.1
db:VULHUBid:VHN-134370
Trust: 0.1
db:VULMONid:CVE-2018-4339
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134370 // 
            
            
            
            VULMON: CVE-2018-4339 // 
            
            
            
            JVNDB: JVNDB-2018-016510 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-202010-1527 // 
            
            
            
            NVD: CVE-2018-4339

REFERENCES
url:https://support.apple.com/en-us/ht209192
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4339
Trust: 1.4
url:http://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134370 // 
            
            
            
            VULMON: CVE-2018-4339 // 
            
            
            
            JVNDB: JVNDB-2018-016510 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            CNNVD: CNNVD-202010-1527 // 
            
            
            
            NVD: CVE-2018-4339

SOURCES
db:VULHUBid:VHN-134370
db:VULMONid:CVE-2018-4339
db:JVNDBid:JVNDB-2018-016510
db:JVNDBid:JVNDB-2018-008908
db:CNNVDid:CNNVD-202010-1527
db:NVDid:CVE-2018-4339

LAST UPDATE DATE
2024-11-23T19:42:13.834000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134370date:2020-10-28T00:00:00
db:VULMONid:CVE-2018-4339date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2018-016510date:2021-05-14T09:08:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-202010-1527date:2020-10-29T00:00:00
db:NVDid:CVE-2018-4339date:2024-11-21T04:07:13.457

SOURCES RELEASE DATE
db:VULHUBid:VHN-134370date:2020-10-27T00:00:00
db:VULMONid:CVE-2018-4339date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2018-016510date:2021-05-14T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:CNNVDid:CNNVD-202010-1527date:2020-10-27T00:00:00
db:NVDid:CVE-2018-4339date:2020-10-27T20:15:13.377