The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
Base Score: 2.9
Impact Score: 2.9
Exploitability Score: 5.5
Base Score: 5.6
Impact Score: 4
Exploitability Score: 1.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 7.1.2 (inclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* versions up to 6.2 (inclusive)
|78550||Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)||Nessus||MacOS X Local Security Checks|
|77822||Apple TV < 7 Multiple Vulnerabilities||Nessus||Misc.|
|8392||Apple TV < 7 Multiple Vulnerabilities||Nessus Network Monitor||Internet Services|
|77745||Apple iOS < 8 Multiple Vulnerabilities||Nessus||Mobile Devices|
|8393||Apple iOS < 8.0 Multiple Vulnerabilities||Nessus Network Monitor||Mobile Devices|