ID

VAR-202109-0326


CVE

CVE-2021-1863


TITLE

iOS  and  iPadOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013507

DESCRIPTION

An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. iOS and iPadOS There is an authentication vulnerability in.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2021-1863 // JVNDB: JVNDB-2021-013507 // VULHUB: VHN-376523 // VULMON: CVE-2021-1863

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:14.5

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.5

Trust: 1.0

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013507 // NVD: CVE-2021-1863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1863
value: LOW

Trust: 1.0

NVD: CVE-2021-1863
value: LOW

Trust: 0.8

CNNVD: CNNVD-202109-398
value: LOW

Trust: 0.6

VULHUB: VHN-376523
value: LOW

Trust: 0.1

VULMON: CVE-2021-1863
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1863
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-376523
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1863
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1863
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376523 // VULMON: CVE-2021-1863 // JVNDB: JVNDB-2021-013507 // CNNVD: CNNVD-202109-398 // NVD: CVE-2021-1863

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-376523 // JVNDB: JVNDB-2021-013507 // NVD: CVE-2021-1863

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-398

PATCH

title:HT212317 Apple  Security updateurl:https://support.apple.com/en-us/HT212317

Trust: 0.8

title:Apple iOS and Apple iPadOS Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162853

Trust: 0.6

sources: JVNDB: JVNDB-2021-013507 // CNNVD: CNNVD-202109-398

EXTERNAL IDS

db:NVDid:CVE-2021-1863

Trust: 3.4

db:JVNDBid:JVNDB-2021-013507

Trust: 0.8

db:CNNVDid:CNNVD-202109-398

Trust: 0.6

db:VULHUBid:VHN-376523

Trust: 0.1

db:VULMONid:CVE-2021-1863

Trust: 0.1

sources: VULHUB: VHN-376523 // VULMON: CVE-2021-1863 // JVNDB: JVNDB-2021-013507 // CNNVD: CNNVD-202109-398 // NVD: CVE-2021-1863

REFERENCES

url:https://support.apple.com/en-us/ht212317

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1863

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-376523 // VULMON: CVE-2021-1863 // JVNDB: JVNDB-2021-013507 // CNNVD: CNNVD-202109-398 // NVD: CVE-2021-1863

SOURCES

db:VULHUBid:VHN-376523
db:VULMONid:CVE-2021-1863
db:JVNDBid:JVNDB-2021-013507
db:CNNVDid:CNNVD-202109-398
db:NVDid:CVE-2021-1863

LAST UPDATE DATE

2024-08-14T14:55:48.818000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-376523date:2021-09-16T00:00:00
db:VULMONid:CVE-2021-1863date:2021-09-16T00:00:00
db:JVNDBid:JVNDB-2021-013507date:2022-09-14T08:07:00
db:CNNVDid:CNNVD-202109-398date:2021-09-17T00:00:00
db:NVDid:CVE-2021-1863date:2021-09-16T19:19:49.537

SOURCES RELEASE DATE

db:VULHUBid:VHN-376523date:2021-09-08T00:00:00
db:VULMONid:CVE-2021-1863date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013507date:2022-09-14T00:00:00
db:CNNVDid:CNNVD-202109-398date:2021-09-08T00:00:00
db:NVDid:CVE-2021-1863date:2021-09-08T15:15:11.760