CVE-2021-30770Improper Authentication in Apple Tvos

CWE-287Improper Authentication4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple IOSApple TvosApple Watchos+1 more
Timeline
PublishedSep 8
Latest updateMay 24

Description

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5apple/tvosunspecified14.7
NVDapple/tvos< 14.7
CVEListV5apple/watchosunspecified7.6
NVDapple/watchos< 7.6
CVEListV5apple/iosunspecified14.7

🔴Vulnerability Details

2
GHSA
GHSA-qw3m-7664-26j4: A logic issue was addressed with improved validation2022-05-24
CVEList
CVE-2021-30770: A logic issue was addressed with improved validation2021-09-08

📋Vendor Advisories

1
Apple
CVE-2021-30770: iOS 14.7 and iPadOS 14.7
CVE-2021-30770 — Improper Authentication in Apple Tvos | cvebase