CVE-2011-1418

EUVD-2011-1424
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 4.2
appleiphone_os
1.0.0
appleiphone_os
1.0.1
appleiphone_os
1.0.2
appleiphone_os
1.1.0
appleiphone_os
1.1.1
appleiphone_os
1.1.2
appleiphone_os
1.1.3
appleiphone_os
1.1.4
appleiphone_os
1.1.5
appleiphone_os
2.0
appleiphone_os
2.0.0
appleiphone_os
2.0.1
appleiphone_os
2.0.2
appleiphone_os
2.1
appleiphone_os
2.1.1
appleiphone_os
2.2
appleiphone_os
2.2.1
appleiphone_os
3.0
appleiphone_os
3.0.1
appleiphone_os
3.1
appleiphone_os
3.1.2
appleiphone_os
3.1.3
appleiphone_os
3.2
appleiphone_os
3.2.1
appleiphone_os
3.2.2
appleiphone_os
4.0
appleiphone_os
4.0.1
appleiphone_os
4.0.2
appleiphone_os
4.1
appleapple_tv
4.0
appletvos
𝑥
≤ 3.0.2
appletvos
1.0.0
appletvos
1.1.0
appletvos
2.0.0
appletvos
2.0.1
appletvos
2.0.2
appletvos
2.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4565