Vulnerability Description
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone OS | 2.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html (Patch, Vendor Advisory)
- http://secunia.com/advisories/36677 (Vendor Advisory)
- http://support.apple.com/kb/HT3860 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/36342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53181
FAQ
What is CVE-2009-2794?
CVE-2009-2794 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows loca...
How severe is CVE-2009-2794?
CVE-2009-2794 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2794?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPhone OS.