CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
15.6%
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
Vendor | Product | Version | CPE |
---|---|---|---|
apple | ipados | * | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
apple | mac_os_x | 10.15.6 | cpe:2.3:o:apple:mac_os_x:10.15.6:-:*:*:*:*:*:* |
apple | mac_os_x | 10.15.6 | cpe:2.3:o:apple:mac_os_x:10.15.6:supplemental_update:*:*:*:*:*:* |
apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:* |
apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* |
apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* |
apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* |
apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
15.6%