CVE-2021-30810

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

CVSS v3 4.3 MEDIUM
CVSS v2.0 2.9 LOW

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2021/Oct/61	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT212814	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT212815	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT212819	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2021-10-19 14:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-30810

Mitre link : CVE-2021-30810

CVE.ORG link : CVE-2021-30810

JSON object : View

Products Affected

apple

watchos
tvos
ipados
iphone_os

CWE

CWE-862

Missing Authorization

{"id": "CVE-2021-30810", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-10-19T14:15:08.370", "references": [{"url": "http://seclists.org/fulldisclosure/2021/Oct/61", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2021/Oct/62", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2021/Oct/63", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212814", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212815", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212819", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup."}, {"lang": "es", "value": "Se abord\u00f3 un problema de autorizaci\u00f3n con una administraci\u00f3n de estados mejorada. Este problema es corregido en iOS versi\u00f3n 15 y iPadOS versi\u00f3n 15, watchOS versi\u00f3n 8, tvOS versi\u00f3n 15. Un atacante en la proximidad f\u00edsica puede ser capaz de forzar a un usuario en una red Wi-Fi maliciosa durante la configuraci\u00f3n del dispositivo"}], "lastModified": "2021-11-03T20:15:39.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090FB24C-D685-4422-A936-821B30F9655D", "versionEndExcluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5354DEB-CF04-4795-8D90-E280F0A859CA", "versionEndExcluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B32A978E-673C-421D-93A1-CA84D90B67E4", "versionEndExcluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5364285F-B3F2-465B-B738-2FC1C8913A44", "versionEndExcluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}