CVE-2019-6203

CRITICAL

iPhone OS < 12.2 - Network Traffic Interception via State Management Issue

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6203. PoCs published by qingxp9.

AI-analyzed exploit summary This PoC exploits CVE-2019-6203, a PEAP vulnerability in Apple devices, by setting up a malicious access point using hostapd-wpe and dnsmasq to force association. It configures network interfaces, DNS/DHCP services, and iptables for traffic forwarding.

Description

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.

Exploits (1)

nomisec WORKING POC 28 stars
by qingxp9 · poc
https://github.com/qingxp9/CVE-2019-6203-PoC

This PoC exploits CVE-2019-6203, a PEAP vulnerability in Apple devices, by setting up a malicious access point using hostapd-wpe and dnsmasq to force association. It configures network interfaces, DNS/DHCP services, and iptables for traffic forwarding.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Apple devices (iOS < 12.2, macOS < 10.14.4, tvOS)
No auth needed
Prerequisites: Wi-Fi card supporting AP mode · Kali Linux or similar environment · hostapd-wpe and dnsmasq installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209599
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209601
Vendor Advisory x_refsource_misc
https://support.apple.com/HT209600

Scores

CVSS v3 9.8
EPSS 0.0419
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
apple/iphone_os < 12.2
apple/mac_os_x < 10.14.4
apple/tvos < 12.2
Published Apr 17, 2020
Tracked Since Feb 18, 2026