CVE-2021-30667Improper Authentication in Apple IOS AND Ipados

CWE-287Improper Authentication2 documents2 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 80.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedSep 8
Latest updateMay 24

Description

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

NVDapple/ipados< 14.6
CVEListV5apple/ios_and_ipadosunspecified14.6
NVDapple/iphone_os< 14.6

🔴Vulnerability Details

1
GHSA
GHSA-m9cm-8x3h-gr6j: A logic issue was addressed with improved validation2022-05-24
CVE-2021-30667 — Improper Authentication in Apple | cvebase