CVE-2015-5869 : The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple i

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published 2015-09-18 12:00:15

Updated 2025-04-12 10:46:41

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2015-5869

Apple » Mac Os X
Versions up to, including, (<=) 10.10.5
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions up to, including, (<=) 8.4.1
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos » Version: 1.0
cpe:2.3:o:apple:watchos:1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-5869

EPSS FAQ

0.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 56 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-5869

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:P/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-5869

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5869

http://www.securityfocus.com/bid/76764

Apple iOS APPLE-SA-2015-09-16-1 Multiple Security Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1033609

Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Pr

CVEs referencing this url
https://support.apple.com/HT205267

About the security content of OS X El Capitan v10.11 - Apple Support
Vendor Advisory

CVEs referencing this url
http://openwall.com/lists/oss-security/2015/04/04/2

oss-security - Re: CVE Request : IPv6 Hop limit lowering via RA messages

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT205212

About the security content of iOS 9 - Apple Support
Vendor Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
https://support.apple.com/HT205213

About the security content of watchOS 2 - Apple Support
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-5869

Products affected by CVE-2015-5869

Exploit prediction scoring system (EPSS) score for CVE-2015-5869

CVSS scores for CVE-2015-5869

CWE ids for CVE-2015-5869

References for CVE-2015-5869