Lucene search

[email protected]NVD:CVE-2021-1807

HistorySep 08, 2021 - 3:15 p.m.

CVE-2021-1807

2021-09-0815:15:09

CWE-20

[email protected]

web.nvd.nist.gov

validation

input sanitization

local user

arbitrary files

ios 14.5

ipados 14.5

watchos 7.4

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files.

Affected configurations

Nvd

Node

appleipadosRange<14.5

appleiphone_osRange<14.5

applewatchosRange<7.4

VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	ipados	*	cpe:2.3:o:apple:ipados::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::

References

support.apple.com/en-us/HT212317

support.apple.com/en-us/HT212324

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-1807

prion1 cvelist1 cve1 apple2