Details of VAR-202109-1306

ID

VAR-202109-1306

CVE

CVE-2021-30656

TITLE

iOS and iPadOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013678

DESCRIPTION

An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout. iOS and iPadOS Exists in unspecified vulnerabilities.Information may be obtained. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The following products and versions are affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5

Trust: 1.8

sources: NVD: CVE-2021-30656 // JVNDB: JVNDB-2021-013678 // VULHUB: VHN-390389 // VULMON: CVE-2021-30656

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	14.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.5	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013678 // NVD: CVE-2021-30656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30656
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30656
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-1924
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390389
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-30656
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390389
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30656
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30656
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390389 // JVNDB: JVNDB-2021-013678 // CNNVD: CNNVD-202104-1924 // NVD: CVE-2021-30656

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013678 // NVD: CVE-2021-30656

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1924

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1924

PATCH

title:	HT212317 Apple Security update	url:	https://support.apple.com/en-us/HT212317	Trust: 0.8
title:	Apple iOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148601	Trust: 0.6

sources: JVNDB: JVNDB-2021-013678 // CNNVD: CNNVD-202104-1924

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30656	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013678	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.1408.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1924	Trust: 0.6
db:	VULHUB	id:	VHN-390389	Trust: 0.1
db:	VULMON	id:	CVE-2021-30656	Trust: 0.1

sources: VULHUB: VHN-390389 // VULMON: CVE-2021-30656 // JVNDB: JVNDB-2021-013678 // CNNVD: CNNVD-202104-1924 // NVD: CVE-2021-30656

REFERENCES

url:	https://support.apple.com/en-us/ht212317	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30656	Trust: 1.4
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35170	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1408.2	Trust: 0.6
url:	http://seclists.org/fulldisclosure/2021/apr/49	Trust: 0.1

sources: VULHUB: VHN-390389 // VULMON: CVE-2021-30656 // JVNDB: JVNDB-2021-013678 // CNNVD: CNNVD-202104-1924 // NVD: CVE-2021-30656

SOURCES

db:	VULHUB	id:	VHN-390389
db:	VULMON	id:	CVE-2021-30656
db:	JVNDB	id:	JVNDB-2021-013678
db:	CNNVD	id:	CNNVD-202104-1924
db:	NVD	id:	CVE-2021-30656

LAST UPDATE DATE

2024-08-14T12:13:32.465000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390389	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-013678	date:	2022-09-26T01:14:00
db:	CNNVD	id:	CNNVD-202104-1924	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-30656	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390389	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013678	date:	2022-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-1924	date:	2021-04-27T00:00:00
db:	NVD	id:	CVE-2021-30656	date:	2021-09-08T15:15:13.083