CVE-2021-30823 — Apple IOS AND Ipados vulnerability

13 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 61.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +4 more

Timeline

PublishedOct 28

Latest updateMay 24

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages11 packages

▶CVEListV5apple/tvosunspecified — 15

▶NVDapple/tvos< 15.0

▶CVEListV5apple/macosunspecified — 12.0

▶NVDapple/macos< 12.0.1

▶CVEListV5apple/safariunspecified — 15

🔴Vulnerability Details

GHSA

GHSA-fmvg-g54p-g6qj: A logic issue was addressed with improved restrictions↗2022-05-24

▶

CVEList

CVE-2021-30823: A logic issue was addressed with improved restrictions↗2021-10-28

▶

OSV

CVE-2021-30823: A logic issue was addressed with improved restrictions↗2021-10-28

▶

📋Vendor Advisories

Red Hat

webkitgtk: Logic issue leading to HSTS bypass↗2021-12-20

▶

Apple

CVE-2021-30823: iCloud for Windows 13↗2021-11-10

▶

Apple

CVE-2021-30823: macOS Monterey 12.0.1↗2021-10-25

▶

Apple

CVE-2021-30823: Safari 15↗2021-09-20

▶

Apple

CVE-2021-30823: tvOS 15↗2021-09-20

▶