CVE-2008-4228 - OpenCVE

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Ipod Touch

Configuration 1 [-]

AND

OR	cpe:2.3:h:apple:ipod_touch::::::::
	cpe:2.3:o:apple:iphone_os::::::::

OR	cpe:2.3:o:apple:iphone_os:1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
http://osvdb.org/50025
http://secunia.com/advisories/32756
http://support.apple.com/kb/HT3318
http://www.securityfocus.com/bid/32394
http://www.securitytracker.com/id?1021271
http://www.vupen.com/english/advisories/2008/3232

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-25T23:00:00

Updated: 2024-08-07T10:08:34.952Z

Reserved: 2008-09-24T00:00:00

Link: CVE-2008-4228

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-11-25T23:30:00.390

Modified: 2022-08-09T13:48:58.127

Link: CVE-2008-4228

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-12-03T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1021271", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021271"}, {"name": "APPLE-SA-2008-11-20", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"}, {"name": "ADV-2008-3232", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3232"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3318"}, {"name": "32394", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32394"}, {"name": "50025", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/50025"}, {"name": "32756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32756"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4228", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1021271", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021271"}, {"name": "APPLE-SA-2008-11-20", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"}, {"name": "ADV-2008-3232", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3232"}, {"name": "http://support.apple.com/kb/HT3318", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3318"}, {"name": "32394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32394"}, {"name": "50025", "refsource": "OSVDB", "url": "http://osvdb.org/50025"}, {"name": "32756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32756"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:08:34.952Z"}, "title": "CVE Program Container", "references": [{"name": "1021271", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021271"}, {"name": "APPLE-SA-2008-11-20", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"}, {"name": "ADV-2008-3232", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3232"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3318"}, {"name": "32394", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32394"}, {"name": "50025", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/50025"}, {"name": "32756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32756"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4228", "datePublished": "2008-11-25T23:00:00", "dateReserved": "2008-09-24T00:00:00", "dateUpdated": "2024-08-07T10:08:34.952Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*", "matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."}, {"lang": "es", "value": "La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso f\u00edsico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de tel\u00e9fono a un n\u00famero de se elecci\u00f3n."}], "id": "CVE-2008-4228", "lastModified": "2022-08-09T13:48:58.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-25T23:30:00.390", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/50025"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32756"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT3318"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32394"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021271"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3232"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}