Lucene search

[email protected]NVD:CVE-2021-30810

HistoryOct 19, 2021 - 2:15 p.m.

CVE-2021-30810

2021-10-1914:15:08

CWE-862

[email protected]

web.nvd.nist.gov

authorization

vulnerability

ios

ipados

watchos

tvos

wi-fi

network

setup

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

50.0%

JSON

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Affected configurations

Nvd

Node

appleipadosRange<15.0

appleiphone_osRange<15.0

appletvosRange<15.0

applewatchosRange<8.0

References

seclists.org/fulldisclosure/2021/Oct/61

seclists.org/fulldisclosure/2021/Oct/62

seclists.org/fulldisclosure/2021/Oct/63

support.apple.com/en-us/HT212814

support.apple.com/en-us/HT212815

support.apple.com/en-us/HT212819

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

50.0%

JSON

Related for NVD:CVE-2021-30810

cvelist1 prion1 cve1 apple3