CVE-2021-30810

EPSS 0.15%
Published 19.10.2021 14:15:08
Last modified 21.11.2024 06:04:45
Source product-security@apple.com
Teams watchlist Login
Open Login

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 15.0

Apple ≫ iPhone OS Version < 15.0

Apple ≫ tvOS Version < 15.0

Apple ≫ watchOS Version < 8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.318

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://seclists.org/fulldisclosure/2021/Oct/61

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2021/Oct/62

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2021/Oct/63

Third Party Advisory

Mailing List

https://support.apple.com/en-us/HT212814

Vendor Advisory

Release Notes

https://support.apple.com/en-us/HT212815

Vendor Advisory

Release Notes

https://support.apple.com/en-us/HT212819

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-30810

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30810

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30810

EUVD