Details of VAR-202109-1381

ID

VAR-202109-1381

CVE

CVE-2021-30714

TITLE

iOS and iPadOS Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013484

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory. iOS and iPadOS There is a race condition vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. Native applications could exploit the race, gain unauthorized access to sensitive information, and escalate privileges on the system. The vulnerability could allow a local application to escalate privileges on the system. The following products and versions are affected: iPados: 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18b92, 14.2 18b111, 14.3 18C66, 14.4 18d52, 14.4.1 18d61, 14.4.2 18D70, 14E199, 14.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5.5

Trust: 2.34

sources: NVD: CVE-2021-30714 // JVNDB: JVNDB-2021-013484 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390447 // VULMON: CVE-2021-30714

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.6	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013484 // NVD: CVE-2021-30714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30714
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-30714
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1524
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-390447
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30714
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30714
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-390447
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30714
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30714
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390447 // VULMON: CVE-2021-30714 // JVNDB: JVNDB-2021-013484 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1524 // NVD: CVE-2021-30714

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.1
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390447 // JVNDB: JVNDB-2021-013484 // NVD: CVE-2021-30714

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1524

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	HT212528 Apple Security update	url:	https://support.apple.com/en-us/HT212528	Trust: 0.8
title:	Apple iPadOS Repair measures for the competition condition problem loophole	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151709	Trust: 0.6
title:	Apple: iOS 14.6 and iPadOS 14.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417	Trust: 0.1

sources: VULMON: CVE-2021-30714 // JVNDB: JVNDB-2021-013484 // CNNVD: CNNVD-202105-1524

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30714	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013484	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052505	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1524	Trust: 0.6
db:	VULHUB	id:	VHN-390447	Trust: 0.1
db:	VULMON	id:	CVE-2021-30714	Trust: 0.1

sources: VULHUB: VHN-390447 // VULMON: CVE-2021-30714 // JVNDB: JVNDB-2021-013484 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1524 // NVD: CVE-2021-30714

REFERENCES

url:	https://support.apple.com/en-us/ht212528	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30714	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052505	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht212528	Trust: 0.1

sources: VULHUB: VHN-390447 // VULMON: CVE-2021-30714 // JVNDB: JVNDB-2021-013484 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1524 // NVD: CVE-2021-30714

SOURCES

db:	VULHUB	id:	VHN-390447
db:	VULMON	id:	CVE-2021-30714
db:	JVNDB	id:	JVNDB-2021-013484
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1524
db:	NVD	id:	CVE-2021-30714

LAST UPDATE DATE

2024-08-14T13:11:33.120000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390447	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-30714	date:	2021-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-013484	date:	2022-09-14T02:48:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1524	date:	2021-09-17T00:00:00
db:	NVD	id:	CVE-2021-30714	date:	2021-09-16T16:13:21.847

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390447	date:	2021-09-08T00:00:00
db:	VULMON	id:	CVE-2021-30714	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013484	date:	2022-09-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1524	date:	2021-05-25T00:00:00
db:	NVD	id:	CVE-2021-30714	date:	2021-09-08T15:15:15.947