nvd-json-data-feeds/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json

{
  "id": "CVE-2023-41991",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2023-09-21T19:15:11.283",
  "lastModified": "2023-09-25T16:17:24.463",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. Es posible que una aplicaci\u00f3n maliciosa pueda omitir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "16.7",
              "matchCriteriaId": "0379BAF3-B879-4710-A2B6-97CA03B19373"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F45FD5-BD2C-41B5-ADCA-D7F99A0FD4A3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "16.7",
              "matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "13.0",
              "versionEndExcluding": "13.6",
              "matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "9.6.3",
              "matchCriteriaId": "87E56518-DB8C-4F2F-8928-F9A074FB4B91"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:apple:watchos:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "894D48EB-A3F0-4EAC-8FF0-59F5C5B85A27"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://seclists.org/fulldisclosure/2023/Sep/14",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2023/Sep/15",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2023/Sep/16",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2023/Sep/17",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2023/Sep/19",
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/en-us/HT213926",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/en-us/HT213927",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/en-us/HT213928",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/en-us/HT213929",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/en-us/HT213931",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/kb/HT213926",
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`{`
			`"id": "CVE-2023-41991",`
			`"sourceIdentifier": "product-security@apple.com",`
			`"published": "2023-09-21T19:15:11.283",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"lastModified": "2023-09-25T16:17:24.463",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. Es posible que una aplicaci\u00f3n maliciosa pueda omitir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`}`
			`],`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-295"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:ipad_os::::::::",`
			`"versionEndExcluding": "16.7",`
			`"matchCriteriaId": "0379BAF3-B879-4710-A2B6-97CA03B19373"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:ipad_os:17.0:::::::*",`
			`"matchCriteriaId": "D7F45FD5-BD2C-41B5-ADCA-D7F99A0FD4A3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:iphone_os::::::::",`
			`"versionEndExcluding": "16.7",`
			`"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:iphone_os:17.0:::::::*",`
			`"matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:macos::::::::",`
			`"versionStartIncluding": "13.0",`
			`"versionEndExcluding": "13.6",`
			`"matchCriteriaId": "7A78DA60-AE3B-4B3C-B338-97DAFABEBB1F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:watchos::::::::",`
			`"versionEndExcluding": "9.6.3",`
			`"matchCriteriaId": "87E56518-DB8C-4F2F-8928-F9A074FB4B91"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:apple:watchos:10.0.0:::::::*",`
			`"matchCriteriaId": "894D48EB-A3F0-4EAC-8FF0-59F5C5B85A27"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`"references": [`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`{`
			`"url": "http://seclists.org/fulldisclosure/2023/Sep/14",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2023/Sep/15",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2023/Sep/16",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2023/Sep/17",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
			`{`
			`"url": "http://seclists.org/fulldisclosure/2023/Sep/19",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-23T04:00:24.104637+00:00 2023-09-23 04:00:27 +00:00			`},`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`{`
			`"url": "https://support.apple.com/en-us/HT213926",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`},`
			`{`
			`"url": "https://support.apple.com/en-us/HT213927",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`},`
			`{`
			`"url": "https://support.apple.com/en-us/HT213928",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`},`
			`{`
			`"url": "https://support.apple.com/en-us/HT213929",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`},`
			`{`
			`"url": "https://support.apple.com/en-us/HT213931",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T22:00:24.060387+00:00 2023-09-21 22:00:27 +00:00			`},`
			`{`
			`"url": "https://support.apple.com/kb/HT213926",`
Auto-Update: 2023-09-25T18:00:27.430472+00:00 2023-09-25 18:00:31 +00:00			`"source": "product-security@apple.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-21T20:00:24.924457+00:00 2023-09-21 20:00:28 +00:00			`}`
			`]`
			`}`