Vulnerability CVE-2021-30810

Vulnerability CVE-2021-30810

Published: 2021-10-19

Description:

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Type:

CWE-862

(Missing Authorization)

CVSS2 => (AV:A/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.9/10	2.9/10	5.5/10

Exploit range	Attack complexity	Authentication
Adjacent network	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Apple -> Ipados
Apple -> Iphone os
Apple -> TVOS
Apple -> Watchos

References:

https://support.apple.com/en-us/HT212819

https://support.apple.com/en-us/HT212815

https://support.apple.com/en-us/HT212814

http://seclists.org/fulldisclosure/2021/Oct/63

http://seclists.org/fulldisclosure/2021/Oct/62

http://seclists.org/fulldisclosure/2021/Oct/61

Copyright 2024, cxsecurity.com