ID

VAR-202110-0332


CVE

CVE-2021-30807


TITLE

plural  Apple  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781

DESCRIPTION

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iPadOS is an operating system for iPad tablet computers developed by Apple. The affected products and versions are as follows: Apple iPadOS 11.5.1, iOS 14.7.1, iPadOS 14.7.1

Trust: 2.34

sources: NVD: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390540 // VULMON: CVE-2021-30807

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:11.5.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.7.1

Trust: 1.0

vendor:applemodel:ipad osscope:ltversion:14.7.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.6.1

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30807
value: HIGH

Trust: 1.0

NVD: CVE-2021-30807
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-2067
value: HIGH

Trust: 0.6

VULHUB: VHN-390540
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30807
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390540
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30807
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30807
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390540 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067 // NVD: CVE-2021-30807

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013781 // NVD: CVE-2021-30807

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-2067

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:HT212623 Apple  Security updateurl:https://support.apple.com/en-us/HT212622

Trust: 0.8

title:Apple iPadOS Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157767

Trust: 0.6

title:Apple: iOS 14.7.1 and iPadOS 14.7.1url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=7a74df613826ade9296a4465a191b36f

Trust: 0.1

sources: VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202107-2067

EXTERNAL IDS

db:NVDid:CVE-2021-30807

Trust: 3.4

db:JVNDBid:JVNDB-2021-013781

Trust: 0.8

db:CNNVDid:CNNVD-202107-2067

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021072921

Trust: 0.6

db:CS-HELPid:SB2021072626

Trust: 0.6

db:VULHUBid:VHN-390540

Trust: 0.1

db:VULMONid:CVE-2021-30807

Trust: 0.1

sources: VULHUB: VHN-390540 // VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067 // NVD: CVE-2021-30807

REFERENCES

url:https://support.apple.com/en-us/ht212623

Trust: 2.3

url:https://support.apple.com/en-us/ht212713

Trust: 2.3

url:https://support.apple.com/en-us/ht212622

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30807

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072626

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072921

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-memory-corruption-36003

Trust: 0.6

url:https://github.com/saaramar/iomobileframebuffer_lpe_poc

Trust: 0.1

url:https://support.apple.com/tr-tr/ht212623

Trust: 0.1

url:https://support.apple.com/kb/ht212623

Trust: 0.1

sources: VULHUB: VHN-390540 // VULMON: CVE-2021-30807 // JVNDB: JVNDB-2021-013781 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-2067 // NVD: CVE-2021-30807

SOURCES

db:VULHUBid:VHN-390540
db:VULMONid:CVE-2021-30807
db:JVNDBid:JVNDB-2021-013781
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-2067
db:NVDid:CVE-2021-30807

LAST UPDATE DATE

2024-08-14T12:09:51.731000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390540date:2021-10-20T00:00:00
db:JVNDBid:JVNDB-2021-013781date:2022-09-28T01:36:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-2067date:2021-10-27T00:00:00
db:NVDid:CVE-2021-30807date:2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-390540date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2021-013781date:2022-09-28T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-2067date:2021-07-26T00:00:00
db:NVDid:CVE-2021-30807date:2021-10-19T14:15:08.313