Lucene search

[email protected]NVD:CVE-2021-30894

HistoryAug 24, 2021 - 7:15 p.m.

CVE-2021-30894

2021-08-2419:15:17

CWE-787

[email protected]

web.nvd.nist.gov

memory corruption

ios 15.1

ipados 15.1

tvos 15.1

input validation

arbitrary code

kernel privileges

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.8%

JSON

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges.

Affected configurations

Nvd

Node

appleipadosRange<15.1

appleiphone_osRange<15.1

appletvosRange<15.1

References

support.apple.com/en-us/HT212867

support.apple.com/en-us/HT212876

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.8%

JSON

Related for NVD:CVE-2021-30894

cvelist1 prion1 cve1 apple2 malwarebytes1