#VU6577 Authentication bypass in Apple iOS - CVE-2017-2498
Published: May 16, 2017
Vulnerability identifier: #VU6577
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2498
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Software vendor:
Apple Inc.
Description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to an unspecified certificate validation error in the Security component. A remote attacker can send a specially crafted certificate and bypass authentication to access the system.
Successful exploitation of the vulnerability may enable further attacks.
Remediation
Update to version 10.3.2.