CVE-2018-4086

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
appleapple_tv
𝑥
< 11.2.5
appleiphone_os
𝑥
< 11.2.5
applemac_os_x
𝑥
< 10.13.3
applewatchos
𝑥
< 4.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102782
http://www.securitytracker.com/id/1040265
http://www.securitytracker.com/id/1040267
https://support.apple.com/HT208462
https://support.apple.com/HT208463
https://support.apple.com/HT208464
https://support.apple.com/HT208465
http://www.securityfocus.com/bid/102782
http://www.securitytracker.com/id/1040265
http://www.securitytracker.com/id/1040267
https://support.apple.com/HT208462
https://support.apple.com/HT208463
https://support.apple.com/HT208464
https://support.apple.com/HT208465