CVE-2013-5144 : Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically prox

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.

Published 2013-10-24 03:48:49

Updated 2013-10-24 14:15:30

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2013-5144

Apple » Iphone Os
Versions up to, including, (<=) 7.0.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0
cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 7.0.1
cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-5144

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-5144

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:L/AC:M/Au:N/C:P/I:P/A:N	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-5144

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5144

http://lists.apple.com/archives/security-announce/2013/Oct/msg00002.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-5144

Products affected by CVE-2013-5144

Exploit prediction scoring system (EPSS) score for CVE-2013-5144

CVSS scores for CVE-2013-5144

CWE ids for CVE-2013-5144

References for CVE-2013-5144