CVE-2009-1679 : The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when install

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.

Published 2009-06-19 16:30:00

Updated 2022-08-09 13:48:59

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-1679

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1679

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2009-1679

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1679

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/35436
https://exchange.xforce.ibmcloud.com/vulnerabilities/51212
http://www.vupen.com/english/advisories/2009/1621

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/35414

CVEs referencing this url
http://support.apple.com/kb/HT3639

About the security content of iOS 3.0 Software Update - Apple Support
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2009-1679

Apple » Ipod Touch
cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.2
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.1
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.2
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.1
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.2
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.1
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.5
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.1
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.4
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.3
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.2.1
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.0.0
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.2
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.1.1
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 2.0.0
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os » Version: 1.1.0
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-1679

Exploit prediction scoring system (EPSS) score for CVE-2009-1679

CVSS scores for CVE-2009-1679

CWE ids for CVE-2009-1679

References for CVE-2009-1679

Products affected by CVE-2009-1679