Lucene search

AppleCVE-2021-30739

HistorySep 08, 2021 - 2:15 p.m.

CVE-2021-30739

2021-09-0814:15:09

CWE-787

apple

web.nvd.nist.gov

cve-2021-30739

local attacker

privilege escalation

macos

big sur

security update

memory corruption

validation.

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A local attacker may be able to elevate their privileges. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A memory corruption issue was addressed with improved validation.

Affected configurations

Nvd

Vulners

Node

applemac_os_xRange10.14.0–10.14.5

applemac_os_xRange10.15–10.15.6

applemac_os_xMatch10.14.6-

applemac_os_xMatch10.14.6security_update_2019-001

applemac_os_xMatch10.14.6security_update_2019-002

applemac_os_xMatch10.14.6security_update_2019-004

applemac_os_xMatch10.14.6security_update_2019-005

applemac_os_xMatch10.14.6security_update_2019-006

applemac_os_xMatch10.14.6security_update_2019-007

applemac_os_xMatch10.14.6security_update_2020-001

applemac_os_xMatch10.14.6security_update_2020-002

applemac_os_xMatch10.14.6security_update_2020-003

applemac_os_xMatch10.14.6security_update_2020-004

applemac_os_xMatch10.14.6security_update_2020-005

applemac_os_xMatch10.14.6security_update_2020-006

applemac_os_xMatch10.14.6security_update_2020-007

applemac_os_xMatch10.14.6security_update_2021-001

applemac_os_xMatch10.14.6security_update_2021-002

applemac_os_xMatch10.14.6security_update_2021-003

applemac_os_xMatch10.14.6supplemental_update

applemac_os_xMatch10.14.6supplemental_update_2

applemac_os_xMatch10.15.7-

applemac_os_xMatch10.15.7security_update_2020

applemac_os_xMatch10.15.7security_update_2020-001

applemac_os_xMatch10.15.7security_update_2020-005

applemac_os_xMatch10.15.7security_update_2020-007

applemac_os_xMatch10.15.7security_update_2021-001

applemac_os_xMatch10.15.7security_update_2021-002

applemac_os_xMatch10.15.7supplemental_update

applemacosRange11.0.1–11.4

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
applemac_os_x10.14.6cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:-::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001::::::
apple	mac_os_x	10.14.6	cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002::::::

Rows per page:

1-10 of 291

CNA Affected

[
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "11.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "2021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "2021",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT212529

support.apple.com/en-us/HT212530

support.apple.com/en-us/HT212531

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-30739