ID CVE-2008-3612
Summary The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
References
Vulnerable Configurations
  • cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-06-2011 - 04:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
apple
  • APPLE-SA-2008-09-09
  • APPLE-SA-2008-09-12
bid 31092
confirm
sectrack 1020848
secunia
  • 31823
  • 31900
vupen
  • ADV-2008-2525
  • ADV-2008-2558
vulnerable_product via4
  • cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*
Last major update 20-06-2011 - 04:00
Published 11-09-2008 - 01:13
Back to Top