CVE-2018-4086 Information
Feb 14, 2021
cve
Description
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \Security\ component. It allows remote attackers to spoof certificate validation via crafted name constraints.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
http://www.securityfocus.com/bid/102782 http://www.securitytracker.com/id/1040265 http://www.securitytracker.com/id/1040267 https://support.apple.com/HT208462 https://support.apple.com/HT208463 https://support.apple.com/HT208464 https://support.apple.com/HT208465
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.9
Share on: