CVE-2021-1815 — Path Traversal in Apple IOS AND Ipados

CWE-22 — Path Traversal5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Tvos +6 more

Timeline

PublishedSep 8

Latest updateApr 4

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5apple/tvosunspecified — 14.5

▶NVDapple/tvos< 14.5

▶CVEListV5apple/macosunspecified — 11.3

▶NVDapple/macos11.0 — 11.3

▶NVDapple/ipados< 14.5

🔴Vulnerability Details

GHSA

GHSA-vx92-qgjq-h8fv: A parsing issue in the handling of directory paths was addressed with improved path validation↗2022-05-24

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-1815↗2023-04-04

▶

Apple

CVE-2021-1815: iOS 14.5 and iPadOS 14.5↗2021-04-26

▶

Apple

CVE-2021-1815: macOS Big Sur 11.3↗2021-04-26

▶