Details of VAR-202109-0322

ID

VAR-202109-0322

CVE

CVE-2021-1859

TITLE

macOS Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-013606

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked. macOS There are unspecified vulnerabilities in the product.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. Local users can access sensitive information. The vulnerability could allow local users to access sensitive information. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91

Trust: 2.25

sources: NVD: CVE-2021-1859 // JVNDB: JVNDB-2021-013606 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-376519

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.3	Trust: 1.0

sources: NVD: CVE-2021-1859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1859
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1859
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1965
value:	HIGH
Trust: 0.6
VULHUB:	VHN-376519
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1859
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-376519
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1859
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1859
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-376519 // JVNDB: JVNDB-2021-013606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1965 // NVD: CVE-2021-1859

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013606 // NVD: CVE-2021-1859

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1965

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	HT212325 Apple Security update	url:	https://support.apple.com/en-us/HT212325	Trust: 0.8
title:	Apple macOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148642	Trust: 0.6
title:	Apple: macOS Big Sur 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c631c09ebe15d0799205eda727cdfeb3	Trust: 0.1

sources: VULMON: CVE-2021-1859 // JVNDB: JVNDB-2021-013606 // CNNVD: CNNVD-202104-1965

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1859	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013606	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1409.2	Trust: 0.6
db:	CS-HELP	id:	SB2021042704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1965	Trust: 0.6
db:	VULHUB	id:	VHN-376519	Trust: 0.1
db:	VULMON	id:	CVE-2021-1859	Trust: 0.1

sources: VULHUB: VHN-376519 // VULMON: CVE-2021-1859 // JVNDB: JVNDB-2021-013606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1965 // NVD: CVE-2021-1859

REFERENCES

url:	https://support.apple.com/en-us/ht212325	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1859	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1409.2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042704	Trust: 0.6
url:	https://support.apple.com/kb/ht212325	Trust: 0.1

sources: VULHUB: VHN-376519 // VULMON: CVE-2021-1859 // JVNDB: JVNDB-2021-013606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1965 // NVD: CVE-2021-1859

SOURCES

db:	VULHUB	id:	VHN-376519
db:	VULMON	id:	CVE-2021-1859
db:	JVNDB	id:	JVNDB-2021-013606
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1965
db:	NVD	id:	CVE-2021-1859

LAST UPDATE DATE

2024-08-14T13:06:14.611000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-376519	date:	2021-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-013606	date:	2022-09-16T08:08:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1965	date:	2021-09-18T00:00:00
db:	NVD	id:	CVE-2021-1859	date:	2021-09-17T12:16:54.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-376519	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013606	date:	2022-09-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1965	date:	2021-04-27T00:00:00
db:	NVD	id:	CVE-2021-1859	date:	2021-09-08T15:15:11.560