CVE-2015-1104 : The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine wheth

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

Published 2015-04-10 14:59:20

Updated 2019-03-08 16:06:32

Source Apple Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2015-1104

Probability of exploitation activity in the next 30 days: 1.02%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-1104

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-1104

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1104

http://www.securitytracker.com/id/1032048

Apple OS X Multiple Bugs Let Remote and Local Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service - SecurityTracker

CVEs referencing this url
https://support.apple.com/kb/HT204870

About the security content of Watch OS 1.0.1 - Apple Support

CVEs referencing this url
https://support.apple.com/HT204662

About the security content of Apple TV 7.2 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT204659

About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT204661

About the security content of iOS 8.3 - Apple Support
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2015-1104

Apple » Mac Os X
Versions up to, including, (<=) 10.10.2
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions up to, including, (<=) 8.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions up to, including, (<=) 7.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-1104

Exploit prediction scoring system (EPSS) score for CVE-2015-1104

CVSS scores for CVE-2015-1104

CWE ids for CVE-2015-1104

References for CVE-2015-1104

Products affected by CVE-2015-1104