CVE-2018-19937
MEDIUM
6,6
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
4,6
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 91 Days)
287
Improper Authentication
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Access Control
Potential Impacts:
Read Application Data
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
ICS/OT, Not Technology-Specific, Web Based
Application
Vlc For Mobile by Videolan
Version Range Affected
To
3.1.5
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:videolan:vlc_for_mobile:*:*:*:*:*:iphone_os:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3…
https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8
https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3…
https://itunes.apple.com/ms/app/vlc-for-mobile/id650377962?mt=8