CVE-2019-8856
Vulnerability from cvelistv5
Published
2020-10-27 20:07
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.
References
▼ | URL | Tags | |
---|---|---|---|
product-security@apple.com | https://support.apple.com/en-us/HT210785 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT210788 | Release Notes, Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT210789 | Release Notes, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:31:37.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT210785" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT210788" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT210789" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "13.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "10.15", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "6.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans." } ], "problemTypes": [ { "descriptions": [ { "description": "Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-27T20:07:15", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT210785" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT210788" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT210789" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8856", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "iOS and iPadOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "13.3" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "10.15" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "6.1" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans" } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT210785", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210785" }, { "name": "https://support.apple.com/en-us/HT210788", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210788" }, { "name": "https://support.apple.com/en-us/HT210789", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210789" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8856", "datePublished": "2020-10-27T20:07:15", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:31:37.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-8856\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-27T21:15:13.667\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.\"},{\"lang\":\"es\",\"value\":\"Se present\u00f3 un problema de la API en el manejo de llamadas telef\u00f3nicas salientes iniciadas con Siri.\u0026#xa0;Este problema se abord\u00f3 con el manejo del estado mejorado.\u0026#xa0;Este problema se corrigi\u00f3 en iOS versi\u00f3n 13.3 y iPadOS versi\u00f3n 13.3, watchOS versi\u00f3n 6.1.1, macOS Catalina versi\u00f3n 10.15.2, Security Update 2019-002 Mojave y Security Update 2019-007 High Sierra.\u0026#xa0;Las llamadas hechas usando Siri pueden ser iniciadas utilizando el plan celular incorrecto en dispositivos con dos planes activos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"A02B4418-82F4-4A23-8F4C-3C03C5522FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"FDAD0B76-9EF7-4CCF-8CDD-6CF7355D0767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.15.2\",\"matchCriteriaId\":\"F15588EA-D854-4694-97C6-53D9AA8B6F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.1\",\"matchCriteriaId\":\"F193B258-BDAC-4E4B-BA39-9DC4FA619BDF\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT210785\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210788\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210789\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.