ID

VAR-202104-0592


CVE

CVE-2021-1818


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-012727

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Multiple Apple products contain unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS 14.4 and iPadOS 14.4 have a security vulnerability that stems from a boundary error in the handling of image files within the ImageIO component in macOS. A remote attacker could create a specially crafted document, trick a victim into opening it, trigger memory corruption and execute arbitrary code on the targeted system.

Trust: 1.8

sources: NVD: CVE-2021-1818 // JVNDB: JVNDB-2021-012727 // VULHUB: VHN-376478 // VULMON: CVE-2021-1818

AFFECTED PRODUCTS

vendor: apple // model: tvos // scope: lt // version: 14.4

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.14.6

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.14.6

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.14

Trust: 1.0

vendor: apple // model: mac os x // scope: gte // version: 10.15

Trust: 1.0

vendor: apple // model: ipad os // scope: lt // version: 14.4

Trust: 1.0

vendor: apple // model: watchos // scope: lt // version: 7.3

Trust: 1.0

vendor: apple // model: macos // scope: lt // version: 11.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.15.7

Trust: 1.0

vendor: apple // model: macos // scope: gte // version: 11.0

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.15.7

Trust: 1.0

vendor: apple // model: iphone os // scope: lt // version: 14.4

Trust: 1.0

vendor: アップル // model: apple mac os x // scope: - // version: -

Trust: 0.8

vendor: アップル // model: tvos // scope: - // version: -

Trust: 0.8

vendor: アップル // model: macos // scope: - // version: -

Trust: 0.8

vendor: アップル // model: ios // scope: - // version: -

Trust: 0.8

vendor: アップル // model: watchos // scope: - // version: -

Trust: 0.8

vendor: アップル // model: ipados // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012727 // NVD: CVE-2021-1818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1818
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1818
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202102-073
value: CRITICAL

Trust: 0.6

VULHUB: VHN-376478
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1818
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1818
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-376478
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1818
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376478 // VULMON: CVE-2021-1818 // JVNDB: JVNDB-2021-012727 // CNNVD: CNNVD-202102-073 // NVD: CVE-2021-1818

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012727 // NVD: CVE-2021-1818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-073

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-073

PATCH

title: HT212148 Apple Security update // url: https://support.apple.com/en-us/HT212146

Trust: 0.8

title: Apple iOS iPadOS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140285

Trust: 0.6

sources: JVNDB: JVNDB-2021-012727 // CNNVD: CNNVD-202102-073

EXTERNAL IDS

db: NVD // id: CVE-2021-1818

Trust: 3.4

db: JVNDB // id: JVNDB-2021-012727

Trust: 0.8

db: AUSCERT // id: ESB-2021.0354

Trust: 0.6

db: CNNVD // id: CNNVD-202102-073

Trust: 0.6

db: VULHUB // id: VHN-376478

Trust: 0.1

db: VULMON // id: CVE-2021-1818

Trust: 0.1

sources: VULHUB: VHN-376478 // VULMON: CVE-2021-1818 // JVNDB: JVNDB-2021-012727 // CNNVD: CNNVD-202102-073 // NVD: CVE-2021-1818

REFERENCES

url:https://support.apple.com/en-us/ht212146

Trust: 1.8

url:https://support.apple.com/en-us/ht212147

Trust: 1.8

url:https://support.apple.com/en-us/ht212148

Trust: 1.8

url:https://support.apple.com/en-us/ht212149

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1818

Trust: 1.4

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0354/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2021/feb/17

Trust: 0.1

sources: VULHUB: VHN-376478 // VULMON: CVE-2021-1818 // JVNDB: JVNDB-2021-012727 // CNNVD: CNNVD-202102-073 // NVD: CVE-2021-1818

SOURCES

db: VULHUB // id: VHN-376478
db: VULMON // id: CVE-2021-1818
db: JVNDB // id: JVNDB-2021-012727
db: CNNVD // id: CNNVD-202102-073
db: NVD // id: CVE-2021-1818

LAST UPDATE DATE

2024-08-14T12:44:36.499000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-376478 // date: 2021-04-08T00:00:00
db: VULMON // id: CVE-2021-1818 // date: 2021-04-08T00:00:00
db: JVNDB // id: JVNDB-2021-012727 // date: 2022-09-08T01:02:00
db: CNNVD // id: CNNVD-202102-073 // date: 2021-08-16T00:00:00
db: NVD // id: CVE-2021-1818 // date: 2021-04-08T18:05:56.773

SOURCES RELEASE DATE

db: VULHUB // id: VHN-376478 // date: 2021-04-02T00:00:00
db: VULMON // id: CVE-2021-1818 // date: 2021-04-02T00:00:00
db: JVNDB // id: JVNDB-2021-012727 // date: 2022-09-08T00:00:00
db: CNNVD // id: CNNVD-202102-073 // date: 2021-02-02T00:00:00
db: NVD // id: CVE-2021-1818 // date: 2021-04-02T19:15:20.380