Sign-up

ID

VAR-202109-1305


CVE

CVE-2021-30655


TITLE

macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013679

DESCRIPTION

An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic. macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A permissions and access control issue exists in macOS where the application does not place appropriate security restrictions on the WiFi component. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 2

Trust: 2.25

sources: NVD: CVE-2021-30655 // JVNDB: JVNDB-2021-013679 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390388

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.15.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.3

Trust: 1.0

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013679 // NVD: CVE-2021-30655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30655
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-30655
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-1947
value: HIGH

Trust: 0.6

VULHUB: VHN-390388
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-30655
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390388
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30655
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30655
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390388 // JVNDB: JVNDB-2021-013679 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1947 // NVD: CVE-2021-30655

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013679 // NVD: CVE-2021-30655

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:HT212325 Apple  Security updateurl:https://support.apple.com/en-us/HT212325

Trust: 0.8

title:Apple macOS Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148624

Trust: 0.6

title:Apple: macOS Big Sur 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c631c09ebe15d0799205eda727cdfeb3

Trust: 0.1

sources: VULMON: CVE-2021-30655 // JVNDB: JVNDB-2021-013679 // CNNVD: CNNVD-202104-1947

EXTERNAL IDS

db:NVDid:CVE-2021-30655

Trust: 3.4

db:JVNDBid:JVNDB-2021-013679

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1409.2

Trust: 0.6

db:CS-HELPid:SB2021042704

Trust: 0.6

db:CNNVDid:CNNVD-202104-1947

Trust: 0.6

db:VULHUBid:VHN-390388

Trust: 0.1

db:VULMONid:CVE-2021-30655

Trust: 0.1

sources: VULHUB: VHN-390388 // VULMON: CVE-2021-30655 // JVNDB: JVNDB-2021-013679 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1947 // NVD: CVE-2021-30655

REFERENCES

url:https://support.apple.com/en-us/ht212325

Trust: 1.7

url:https://support.apple.com/en-us/ht212326

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30655

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1409.2

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042704

Trust: 0.6

url:https://support.apple.com/kb/ht212325

Trust: 0.1

sources: VULHUB: VHN-390388 // VULMON: CVE-2021-30655 // JVNDB: JVNDB-2021-013679 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1947 // NVD: CVE-2021-30655

SOURCES

db:VULHUBid:VHN-390388
db:VULMONid:CVE-2021-30655
db:JVNDBid:JVNDB-2021-013679
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202104-1947
db:NVDid:CVE-2021-30655

LAST UPDATE DATE

2024-08-14T12:58:25.063000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390388date:2021-09-20T00:00:00
db:JVNDBid:JVNDB-2021-013679date:2022-09-26T01:19:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-1947date:2021-09-17T00:00:00
db:NVDid:CVE-2021-30655date:2021-09-20T18:37:33.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-390388date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013679date:2022-09-26T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202104-1947date:2021-04-27T00:00:00
db:NVDid:CVE-2021-30655date:2021-09-08T15:15:13.037