Details of VAR-202109-1379

ID

VAR-202109-1379

CVE

CVE-2021-30712

TITLE

macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013482

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A buffer error vulnerability exists in the smbx component of Apple MacOS, which stems from a boundary error in smbx. The following products and versions are affected: macOS 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4, 1509F9.5 1509F96 19F101, 10.15.6 19G73, 10.15.6 19G2021, 10.15.7 19H2, 10.15.7 19H4, 10.15.7 19H15, 10.15.7

Trust: 2.34

sources: NVD: CVE-2021-30712 // JVNDB: JVNDB-2021-013482 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390445 // VULMON: CVE-2021-30712

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013482 // NVD: CVE-2021-30712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30712
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30712
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1533
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390445
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-30712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30712
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-390445
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30712
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30712
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390445 // VULMON: CVE-2021-30712 // JVNDB: JVNDB-2021-013482 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1533 // NVD: CVE-2021-30712

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013482 // NVD: CVE-2021-30712

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1533

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	HT212530 Apple Security update	url:	https://support.apple.com/en-us/HT212529	Trust: 0.8
title:	Apple macOS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152685	Trust: 0.6

sources: JVNDB: JVNDB-2021-013482 // CNNVD: CNNVD-202105-1533

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30712	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-013482	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	TALOS	id:	TALOS-2021-1258	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1794	Trust: 0.6
db:	CS-HELP	id:	SB2021052502	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1533	Trust: 0.6
db:	VULHUB	id:	VHN-390445	Trust: 0.1
db:	VULMON	id:	CVE-2021-30712	Trust: 0.1

sources: VULHUB: VHN-390445 // VULMON: CVE-2021-30712 // JVNDB: JVNDB-2021-013482 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1533 // NVD: CVE-2021-30712

REFERENCES

url:	https://support.apple.com/en-us/ht212529	Trust: 1.8
url:	https://support.apple.com/en-us/ht212530	Trust: 1.8
url:	https://support.apple.com/en-us/ht212531	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30712	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1794	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052502	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514	Trust: 0.6
url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1258	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2021/may/65	Trust: 0.1

sources: VULHUB: VHN-390445 // VULMON: CVE-2021-30712 // JVNDB: JVNDB-2021-013482 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1533 // NVD: CVE-2021-30712

CREDITS

Discovered by Aleksandar Nikolic of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-202105-1533

SOURCES

db:	VULHUB	id:	VHN-390445
db:	VULMON	id:	CVE-2021-30712
db:	JVNDB	id:	JVNDB-2021-013482
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1533
db:	NVD	id:	CVE-2021-30712

LAST UPDATE DATE

2024-08-14T12:55:27.165000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390445	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-30712	date:	2021-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-013482	date:	2022-09-14T02:48:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1533	date:	2021-09-17T00:00:00
db:	NVD	id:	CVE-2021-30712	date:	2021-09-16T16:41:06.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390445	date:	2021-09-08T00:00:00
db:	VULMON	id:	CVE-2021-30712	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013482	date:	2022-09-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1533	date:	2021-05-25T00:00:00
db:	NVD	id:	CVE-2021-30712	date:	2021-09-08T15:15:15.847