CVE-2013-5148

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2013/Oct/msg00005.html	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:keynote::::::::
	cpe:2.3:a:apple:keynote:5.1:::::::*
	cpe:2.3:a:apple:keynote:5.2:::::::*
	cpe:2.3:a:apple:keynote:5.0.1:::::::*
	cpe:2.3:a:apple:keynote:5.0.2:::::::*
	cpe:2.3:a:apple:keynote:5.0.3:::::::*
	cpe:2.3:a:apple:keynote:5.0.4:::::::*
	cpe:2.3:a:apple:keynote:5.0:::::::*
	cpe:2.3:a:apple:keynote:5.0.5:::::::*
	cpe:2.3:a:apple:keynote:5.1.1:::::::*

Information

Published : 2013-10-24 03:53

Updated : 2013-10-24 11:24

NVD link : CVE-2013-5148

Mitre link : CVE-2013-5148

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

apple

keynote

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00005.html", "name": "APPLE-SA-2013-10-22-4", "tags": ["Vendor Advisory"], "refsource": "APPLE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5148", "ASSIGNER": "product-security@apple.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-10-24T10:53Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.3"}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:keynote:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-10-24T18:24Z"}