ID

VAR-202108-1158


CVE

CVE-2021-31004


TITLE

apple's  macOS  Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021235

DESCRIPTION

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. apple's macOS There is a race condition vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 1.8

sources: NVD: CVE-2021-31004 // JVNDB: JVNDB-2021-021235 // VULHUB: VHN-390737 // VULMON: CVE-2021-31004

AFFECTED PRODUCTS

vendor:applemodel:macosscope:eqversion:12.0.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.5

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.0.0

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.5

Trust: 0.8

sources: JVNDB: JVNDB-2021-021235 // NVD: CVE-2021-31004

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31004
value: HIGH

Trust: 1.0

NVD: CVE-2021-31004
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-2113
value: HIGH

Trust: 0.6

VULHUB: VHN-390737
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-31004
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390737
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-31004
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-31004
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390737 // JVNDB: JVNDB-2021-021235 // CNNVD: CNNVD-202108-2113 // NVD: CVE-2021-31004

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:Race condition (CWE-362) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390737 // JVNDB: JVNDB-2021-021235 // NVD: CVE-2021-31004

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2113

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202108-2113

PATCH

title:HT212602 Apple  Security updateurl:https://support.apple.com/en-us/HT212602

Trust: 0.8

title:Apple macOS Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194531

Trust: 0.6

sources: JVNDB: JVNDB-2021-021235 // CNNVD: CNNVD-202108-2113

EXTERNAL IDS

db:NVDid:CVE-2021-31004

Trust: 3.4

db:JVNDBid:JVNDB-2021-021235

Trust: 0.8

db:CNNVDid:CNNVD-202108-2113

Trust: 0.6

db:VULHUBid:VHN-390737

Trust: 0.1

db:VULMONid:CVE-2021-31004

Trust: 0.1

sources: VULHUB: VHN-390737 // VULMON: CVE-2021-31004 // JVNDB: JVNDB-2021-021235 // CNNVD: CNNVD-202108-2113 // NVD: CVE-2021-31004

REFERENCES

url:https://support.apple.com/en-us/ht212602

Trust: 1.7

url:https://support.apple.com/en-us/ht212869

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-31004

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-390737 // VULMON: CVE-2021-31004 // JVNDB: JVNDB-2021-021235 // CNNVD: CNNVD-202108-2113 // NVD: CVE-2021-31004

SOURCES

db:VULHUBid:VHN-390737
db:VULMONid:CVE-2021-31004
db:JVNDBid:JVNDB-2021-021235
db:CNNVDid:CNNVD-202108-2113
db:NVDid:CVE-2021-31004

LAST UPDATE DATE

2024-08-14T15:17:08.161000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390737date:2022-05-31T00:00:00
db:VULMONid:CVE-2021-31004date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021235date:2024-07-22T09:20:00
db:CNNVDid:CNNVD-202108-2113date:2022-06-01T00:00:00
db:NVDid:CVE-2021-31004date:2023-11-07T03:34:18.070

SOURCES RELEASE DATE

db:VULHUBid:VHN-390737date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-31004date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021235date:2024-07-22T00:00:00
db:CNNVDid:CNNVD-202108-2113date:2021-08-24T00:00:00
db:NVDid:CVE-2021-31004date:2021-08-24T19:15:24.613