Details of VAR-202104-0607

ID

VAR-202104-0607

CVE

CVE-2021-1771

TITLE

Apple macOS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202102-093

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability exists in Apple macOS caused by incorrect access restrictions in the "Messages" component of macOS. Vulnerabilities exist in the following products or versions: macOS 10.3, macOS 10.12.4, macOS 10.12.5, macOS 10.12.6, macOS 10.12.6.2, macOS 10.13, macOS 10.13.1, macOS 10.13.2, macOS 10.13.3, macOS 10.13 .4, macOS 10.13.5, macOS 10.13.6, macOS 10.14, macOS 10.14.1, macOS 10.14.2, macOS 10.14.3, macOS 10.14.4, macOS 10.14.5, macOS 10.14.6, macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 10.15.5 SU1, macOS 10.15.6, macOS 10.15.6 SU1 , macOS 10.15.7, macOS 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1

Trust: 1.08

sources: NVD: CVE-2021-1771 // VULHUB: VHN-376431 // VULMON: CVE-2021-1771

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0

sources: NVD: CVE-2021-1771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1771
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-202102-093
value:	LOW
Trust: 0.6
VULHUB:	VHN-376431
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1771
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-376431
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1771
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-376431 // CNNVD: CNNVD-202102-093 // NVD: CVE-2021-1771

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-1771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-093

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-093

PATCH

title:

Apple macOS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140305

Trust: 0.6

sources: CNNVD: CNNVD-202102-093

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1771	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0349	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-093	Trust: 0.6
db:	VULHUB	id:	VHN-376431	Trust: 0.1
db:	VULMON	id:	CVE-2021-1771	Trust: 0.1

sources: VULHUB: VHN-376431 // VULMON: CVE-2021-1771 // CNNVD: CNNVD-202102-093 // NVD: CVE-2021-1771

REFERENCES

url:	https://support.apple.com/en-us/ht212147	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1771	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0349/	Trust: 0.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195912	Trust: 0.1

sources: VULHUB: VHN-376431 // VULMON: CVE-2021-1771 // CNNVD: CNNVD-202102-093 // NVD: CVE-2021-1771

SOURCES

db:	VULHUB	id:	VHN-376431
db:	VULMON	id:	CVE-2021-1771
db:	CNNVD	id:	CNNVD-202102-093
db:	NVD	id:	CVE-2021-1771

LAST UPDATE DATE

2024-11-23T20:02:12.834000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376431	date:	2021-04-12T00:00:00
db:	VULMON	id:	CVE-2021-1771	date:	2021-04-12T00:00:00
db:	CNNVD	id:	CNNVD-202102-093	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1771	date:	2024-11-21T05:45:04.647

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376431	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2021-1771	date:	2021-04-02T00:00:00
db:	CNNVD	id:	CNNVD-202102-093	date:	2021-02-02T00:00:00
db:	NVD	id:	CVE-2021-1771	date:	2021-04-02T18:15:20.700