Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/06/2009 Updated: 09/08/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The Profiles component in Apple iPhone OS 1.0 up to and including 2.2.1 and iPhone OS for iPod touch 1.1 up to and including 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate malicious users to bypass the intended policy.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone_os 1.0.2
apple iphone_os 2.2
apple iphone_os 1.1.1
apple iphone_os 2.0.0
apple iphone_os 1.1.2
apple iphone_os 1.1.3
apple iphone_os 1.1.0
apple iphone_os 1.0.1
apple iphone_os 2.1
apple iphone_os 2.1.1
apple iphone_os 2.0.2
apple iphone_os 2.0.1
apple iphone_os 2.2.1
apple iphone_os 1.1.5
apple iphone_os 1.1.4
apple iphone_os 1.0.0
apple iphone_os 2.0
apple iphone_os
apple ipod_touch

CWE-264 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://support.apple.com/kb/HT3639 http://www.vupen.com/english/advisories/2009/1621 http://www.securityfocus.com/bid/35436 http://www.securityfocus.com/bid/35414 http://osvdb.org/55239 https://exchange.xforce.ibmcloud.com/vulnerabilities/51212 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1679

Vulnerability Summary

References

Vulmon Search

About

Products

Connect