Details of VAR-202108-1263

ID

VAR-202108-1263

CVE

CVE-2021-30948

TITLE

apple's iPadOS and iOS Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021118

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. apple's iPadOS and iOS There are vulnerabilities in inadequate protection of credentials.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 1.8

sources: NVD: CVE-2021-30948 // JVNDB: JVNDB-2021-021118 // VULHUB: VHN-390681 // VULMON: CVE-2021-30948

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.2	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	eq	version:	15.2	Trust: 0.8

sources: JVNDB: JVNDB-2021-021118 // NVD: CVE-2021-30948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30948
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30948
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-2049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390681
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-30948
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390681
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30948
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30948
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390681 // JVNDB: JVNDB-2021-021118 // CNNVD: CNNVD-202108-2049 // NVD: CVE-2021-30948

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390681 // JVNDB: JVNDB-2021-021118 // NVD: CVE-2021-30948

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202108-2049

PATCH

title:	HT212976 Apple Security update	url:	https://support.apple.com/en-us/HT212976	Trust: 0.8
title:	Apple iOS and iPadOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176528	Trust: 0.6

sources: JVNDB: JVNDB-2021-021118 // CNNVD: CNNVD-202108-2049

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30948	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-021118	Trust: 0.8
db:	CS-HELP	id:	SB2021121432	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4260	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2049	Trust: 0.6
db:	VULHUB	id:	VHN-390681	Trust: 0.1
db:	VULMON	id:	CVE-2021-30948	Trust: 0.1

sources: VULHUB: VHN-390681 // VULMON: CVE-2021-30948 // JVNDB: JVNDB-2021-021118 // CNNVD: CNNVD-202108-2049 // NVD: CVE-2021-30948

REFERENCES

url:	https://support.apple.com/en-us/ht212976	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30948	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-37063	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021121432	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4260	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-390681 // VULMON: CVE-2021-30948 // JVNDB: JVNDB-2021-021118 // CNNVD: CNNVD-202108-2049 // NVD: CVE-2021-30948

SOURCES

db:	VULHUB	id:	VHN-390681
db:	VULMON	id:	CVE-2021-30948
db:	JVNDB	id:	JVNDB-2021-021118
db:	CNNVD	id:	CNNVD-202108-2049
db:	NVD	id:	CVE-2021-30948

LAST UPDATE DATE

2024-08-14T12:19:57.941000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390681	date:	2022-07-12T00:00:00
db:	VULMON	id:	CVE-2021-30948	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021118	date:	2024-07-17T09:05:00
db:	CNNVD	id:	CNNVD-202108-2049	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-30948	date:	2023-11-07T03:34:00.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390681	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30948	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021118	date:	2024-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202108-2049	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30948	date:	2021-08-24T19:15:21.547