CVE-2016-1766

Severity

Theme

Newest
Updated
Search

Newest
Updated
Search

CVE-2016-1766

high

Description

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

http://www.securitytracker.com/id/1035353

http://www.zerodayinitiative.com/advisories/ZDI-16-314

https://support.apple.com/HT206166

Details

Source: MITRE

Published: 2016-03-24

Updated: 2016-12-03

Type: NVD-CWE-noinfo

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH