Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2794

The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.

Published

2009-09-10T21:30:01.140

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	iphone_os	2.0	Yes
Operating System	apple	iphone_os	2.0.0	Yes
Operating System	apple	iphone_os	2.0.1	Yes
Operating System	apple	iphone_os	2.0.1	Yes
Operating System	apple	iphone_os	2.0.2	Yes
Operating System	apple	iphone_os	2.0.2	Yes
Operating System	apple	iphone_os	2.1	Yes
Operating System	apple	iphone_os	2.1	Yes
Operating System	apple	iphone_os	2.1.1	Yes
Operating System	apple	iphone_os	2.2	Yes
Operating System	apple	iphone_os	2.2	Yes
Operating System	apple	iphone_os	2.2.1	Yes
Operating System	apple	iphone_os	2.2.1	Yes
Operating System	apple	iphone_os	3.0	Yes
Operating System	apple	iphone_os	3.0	Yes
Operating System	apple	iphone_os	3.0.1	Yes

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/36677 Vendor Advisory ([email protected])
http://support.apple.com/kb/HT3860 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/36342 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/53181 ([email protected])
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36677 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3860 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36342 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53181 (af854a3a-2127-422b-91ae-364da2661108)