CVE-2012-0646 - Vulnerability Details - OpenCVE

ReportizFlow

Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os

Configuration 1 [-]

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
http://secunia.com/advisories/48288
http://www.securitytracker.com/id?1026774

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2012-03-08T22:00:00

Updated: 2024-08-06T18:30:53.793Z

Reserved: 2012-01-12T00:00:00

Link: CVE-2012-0646

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-03-08T22:55:04.277

Modified: 2024-11-21T01:35:27.403

Link: CVE-2012-0646

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T18:57:02", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "1026774", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026774"}, {"name": "48288", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2012-0646", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1026774", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026774"}, {"name": "48288", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:30:53.793Z"}, "title": "CVE Program Container", "references": [{"name": "1026774", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1026774"}, {"name": "48288", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48288"}, {"name": "APPLE-SA-2012-03-07-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2012-0646", "datePublished": "2012-03-08T22:00:00", "dateReserved": "2012-01-12T00:00:00", "dateUpdated": "2024-08-06T18:30:53.793Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B150860-FC76-4DDC-9FEE-BC5D96D08751", "versionEndExcluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file."}, {"lang": "es", "value": "Una vulnerabilidad de formato de cadena en la VPN de Apple iOS antes de v5.1 permite a atcantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero de configuraci\u00f3n racoon.conf espec\u00edficamente configurado para este fin."}], "id": "CVE-2012-0646", "lastModified": "2024-11-21T01:35:27.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-03-08T22:55:04.277", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/48288"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1026774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/48288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1026774"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "[email protected]", "type": "Primary"}]}