CVE-2016-5109 - OpenCVE

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Worx Home Xenmobile Mdx Toolkit

Configuration 1 [-]

OR	cpe:2.3:a:citrix:xenmobile_mdx_toolkit:10.3.0:::::iphone_os::
	cpe:2.3:a:citrix:xenmobile_mdx_toolkit:10.3.5:::::iphone_os::

Configuration 2 [-]

OR	cpe:2.3:a:citrix:worx_home:10.3.0:::::iphone_os::
	cpe:2.3:a:citrix:worx_home:10.3.1:::::iphone_os::
	cpe:2.3:a:citrix:worx_home:10.3.5:::::iphone_os::

References

Link	Resource
http://support.citrix.com/article/CTX214006	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-07-13T15:00:00

Updated: 2016-07-13T15:57:01

Reserved: 2016-05-28T00:00:00

Link: CVE-2016-5109

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-07-13T15:59:08.013

Modified: 2016-07-14T19:04:17.997

Link: CVE-2016-5109

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenmobile_mdx_toolkit:10.3.0:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "E29080E2-ED0C-438F-8B84-73046B8D46E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenmobile_mdx_toolkit:10.3.5:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "98A9DE80-2F93-4BA8-B6BF-BC26EE1D9B1B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:worx_home:10.3.0:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "1A9ECFAF-9DFC-4ED8-982A-5F2519AB0EFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:worx_home:10.3.1:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "CA26139F-D6DA-4925-92FA-05B5FC545C54", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:worx_home:10.3.5:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "30D7A5EC-5262-4A5E-ACD7-54A55A1E95EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication."}, {"lang": "es", "value": "Citrix Worx Home para iOS en versiones anteriores a 10.3.6 y XenMobile MDX Toolkit para iOS en versiones anteriores a 10.3.6 pueden permitir a atacantes f\u00edsicamente pr\u00f3ximos eludir autenticaci\u00f3n en la aplicaci\u00f3n Apple Touch ID a trav\u00e9s de vectores no especificados, relacionado con una aplicaci\u00f3n que requiere re-autenticaci\u00f3n."}], "id": "CVE-2016-5109", "lastModified": "2016-07-14T19:04:17.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-13T15:59:08.013", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.citrix.com/article/CTX214006"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}