CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT4334	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61694	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:apple:ipod_touch:-:::::::*
	cpe:2.3:o:apple:iphone_os:-:::::::*

History

No history.

Information

Published : 2010-09-09 22:00

Updated : 2022-08-09 13:46

NVD link : CVE-2010-1809

Mitre link : CVE-2010-1809

CVE.ORG link : CVE-2010-1809

JSON object : View

Products Affected

apple

ipod_touch
iphone_os

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-1809", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-09T22:00:01.517", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html", "tags": ["Mailing List", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4334", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."}, {"lang": "es", "value": "El componente Accessibility en Apple iOS anterior a v4.1 en el iPhone e iPod touch no lleva a cabo el esperado anuncio de VoiceOver asociado con el icono de ubicaci\u00f3n de servicios, que tiene un impacto y unos vectores de ataque no especificados."}], "lastModified": "2022-08-09T13:46:59.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E", "versionEndExcluding": "4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9"}, {"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@apple.com"}