CVE-2015-3756

LOW

Description

The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.

References

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

http://www.securityfocus.com/bid/76337

http://www.securitytracker.com/id/1033275

https://support.apple.com/kb/HT205030

Details

Source: MITRE

Published: 2015-08-16

Updated: 2016-12-24

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW