Vulnerability Details : CVE-2015-3756
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
Products affected by CVE-2015-3756
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3756
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3756
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2015-3756
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3756
-
http://www.securitytracker.com/id/1033275
Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges - SecurityTracker
-
http://www.securityfocus.com/bid/76337
Apple iOS APPLE-SA-2015-08-13-3 Multiple Security Vulnerabilities
-
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
Apple - Lists.apple.comVendor Advisory
-
https://support.apple.com/kb/HT205030
About the security content of iOS 8.4.1 - Apple SupportVendor Advisory
Jump to