Vulnerability Details : CVE-2017-2498
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
Products affected by CVE-2017-2498
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2498
- 0.17%: Probability of exploitation activity in the next 30 days
- ~54%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-2498
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
| 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-2498
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2498
- https://support.apple.com/HT207798
  About the security content of iOS 10.3.2 - Apple Support (Vendor Advisory)
- http://www.securitytracker.com/id/1038485
  Apple iOS Flaws Permit Certification Validation Bypass and Let Applications Deny Service and Gain Elevated Privileges - SecurityTracker
- http://www.securityfocus.com/bid/98479
  Apple iOS APPLE-SA-2017-05-15-2 Security Bypass and Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)