Sign-up

ID

VAR-202109-1338


CVE

CVE-2021-30723


TITLE

plural  Apple  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-013537

DESCRIPTION

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. macOS , iOS , iPadOS Exists in unspecified vulnerabilities.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A buffer error vulnerability exists in the model IO component of Apple MacOS due to a boundary condition of the Model IO subsystem. Macos 10.15 19A58, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F101, 10.15.6 19G73 19G73 19G73 10.15.6 19G2021, 10.15.7 19H2

Trust: 2.97

sources: NVD: CVE-2021-30723 // JVNDB: JVNDB-2021-013537 // ZDI: ZDI-21-796 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390456 // VULMON: CVE-2021-30723

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.14.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-796 // JVNDB: JVNDB-2021-013537 // NVD: CVE-2021-30723

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30723
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30723
value: MEDIUM

Trust: 0.8

ZDI: CVE-2021-30723
value: LOW

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1541
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390456
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30723
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390456
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30723
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30723
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-30723
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-796 // VULHUB: VHN-390456 // JVNDB: JVNDB-2021-013537 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1541 // NVD: CVE-2021-30723

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013537 // NVD: CVE-2021-30723

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1541

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:HT212530 Apple  Security updateurl:https://support.apple.com/en-us/HT212528

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/HT212529

Trust: 0.7

title:Apple macOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151726

Trust: 0.6

title:Apple: iOS 14.6 and iPadOS 14.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417

Trust: 0.1

sources: ZDI: ZDI-21-796 // VULMON: CVE-2021-30723 // JVNDB: JVNDB-2021-013537 // CNNVD: CNNVD-202105-1541

EXTERNAL IDS

db:NVDid:CVE-2021-30723

Trust: 4.1

db:ZDIid:ZDI-21-796

Trust: 1.4

db:JVNDBid:JVNDB-2021-013537

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-13395

Trust: 0.7

db:CNNVDid:CNNVD-202105-1541

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:CS-HELPid:SB2021052502

Trust: 0.6

db:VULHUBid:VHN-390456

Trust: 0.1

db:VULMONid:CVE-2021-30723

Trust: 0.1

sources: ZDI: ZDI-21-796 // VULHUB: VHN-390456 // VULMON: CVE-2021-30723 // JVNDB: JVNDB-2021-013537 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1541 // NVD: CVE-2021-30723

REFERENCES

url:https://support.apple.com/en-us/ht212528

Trust: 1.7

url:https://support.apple.com/en-us/ht212529

Trust: 1.7

url:https://support.apple.com/en-us/ht212530

Trust: 1.7

url:https://support.apple.com/en-us/ht212531

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30723

Trust: 1.4

url:https://support.apple.com/ht212529

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-21-796/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052502

Trust: 0.6

url:https://support.apple.com/kb/ht212528

Trust: 0.1

sources: ZDI: ZDI-21-796 // VULHUB: VHN-390456 // VULMON: CVE-2021-30723 // JVNDB: JVNDB-2021-013537 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1541 // NVD: CVE-2021-30723

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-21-796 // CNNVD: CNNVD-202105-1541

SOURCES

db:ZDIid:ZDI-21-796
db:VULHUBid:VHN-390456
db:VULMONid:CVE-2021-30723
db:JVNDBid:JVNDB-2021-013537
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-1541
db:NVDid:CVE-2021-30723

LAST UPDATE DATE

2024-08-14T12:16:03.211000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-796date:2021-07-13T00:00:00
db:VULHUBid:VHN-390456date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2021-013537date:2022-09-15T05:14:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-1541date:2021-09-16T00:00:00
db:NVDid:CVE-2021-30723date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-796date:2021-07-13T00:00:00
db:VULHUBid:VHN-390456date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013537date:2022-09-15T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-1541date:2021-05-25T00:00:00
db:NVDid:CVE-2021-30723date:2021-09-08T14:15:08.743