CVE-2009-2794
Last modified
CVE-2009-2794 is a vulnerability of currently unknown severity. The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | 2.0 |
| Apple | Iphone Os | 2.0.0 |
| Apple | Iphone Os | 2.0.1 |
| Apple | Iphone Os | 2.0.2 |
| Apple | Iphone Os | 2.1 |
| Apple | Iphone Os | 2.1.1 |
| Apple | Iphone Os | 2.2 |
| Apple | Iphone Os | 2.2.1 |
| Apple | Iphone Os | 3.0 |
| Apple | Iphone Os | 3.0.1 |
References
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlPatch, Vendor Advisory
- http://secunia.com/advisories/36677Vendor Advisory
- http://support.apple.com/kb/HT3860Patch, Vendor Advisory
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlPatch, Vendor Advisory
- http://secunia.com/advisories/36677Vendor Advisory
- http://support.apple.com/kb/HT3860Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-2794?
How severe is CVE-2009-2794?
How do I fix CVE-2009-2794?
Are you affected by CVE-2009-2794?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST