Vulnerability Details : CVE-2017-13874
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
Exploit prediction scoring system (EPSS) score for CVE-2017-13874
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-13874
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2017-13874
-
http://www.securitytracker.com/id/1039953
Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information and Let Local Users View Memory Contents and Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.apple.com/HT208334
About the security content of iOS 11.2 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/102097
Apple iOS APPLE-SA-2017-12-6-2 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2017-13874
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*