CVE-2023-28182

The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/HT213670	Vendor Advisory
https://support.apple.com/en-us/HT213673	Vendor Advisory
https://support.apple.com/en-us/HT213675	Vendor Advisory
https://support.apple.com/en-us/HT213676	Vendor Advisory
https://support.apple.com/en-us/HT213677	Vendor Advisory
https://support.apple.com/en-us/HT213670	Vendor Advisory
https://support.apple.com/en-us/HT213673	Vendor Advisory
https://support.apple.com/en-us/HT213675	Vendor Advisory
https://support.apple.com/en-us/HT213676	Vendor Advisory
https://support.apple.com/en-us/HT213677	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

12 Dec 2024, 14:26

Type	Values Removed	Values Added
First Time		Apple ipados
CPE	cpe:2.3:o:apple:ipad_os::::::::	cpe:2.3:o:apple:ipados::::::::

21 Nov 2024, 07:54

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/HT213670 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213670 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213673 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213673 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213675 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213675 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213676 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213676 - Vendor Advisory
References	~~() https://support.apple.com/en-us/HT213677 - Vendor Advisory~~	() https://support.apple.com/en-us/HT213677 - Vendor Advisory

27 Jul 2023, 04:15

Type	Values Removed	Values Added
References	~~{'url': 'http://seclists.org/fulldisclosure/2023/May/7', 'name': '20230529 APPLE-SA-2023-03-27-2 iOS 15.7.4 and iPadOS 15.7.4', 'tags': [], 'refsource': 'FULLDISC'}~~
Summary	The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device	The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.

30 May 2023, 05:15

Type	Values Removed	Values Added
References		(FULLDISC) http://seclists.org/fulldisclosure/2023/May/7 -

19 May 2023, 16:15

Type	Values Removed	Values Added
Summary	The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device	The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device

15 May 2023, 15:43

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipad_os:::::::: cpe:2.3:o:apple:iphone_os::::::::
CWE		CWE-287
References	~~(MISC) https://support.apple.com/en-us/HT213677 -~~	(MISC) https://support.apple.com/en-us/HT213677 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT213673 -~~	(MISC) https://support.apple.com/en-us/HT213673 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT213675 -~~	(MISC) https://support.apple.com/en-us/HT213675 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT213676 -~~	(MISC) https://support.apple.com/en-us/HT213676 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT213670 -~~	(MISC) https://support.apple.com/en-us/HT213670 - Vendor Advisory
First Time		Apple macos Apple ipad Os Apple iphone Os Apple
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

08 May 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-08 20:15

Updated : 2025-01-29 16:15

NVD link : CVE-2023-28182

Mitre link : CVE-2023-28182

CVE.ORG link : CVE-2023-28182

JSON object : View

Products Affected

apple

ipados
iphone_os
macos

CWE

CWE-287

Improper Authentication

6.5 /10