CVE-2021-30810

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Related CPE's

o apple ipados ********

o apple iphone_os ********

o apple tvos ********

o apple watchos ********

References

https://support.apple.com/en-us/HT212819

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212815

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212814

Release NotesVendor Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	NONE
IntegrityImpact	LOW
PrivilegesRequired	NONE
BaseScore	4.3
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	NONE
AvailabilityImpact	NONE
IntegrityImpact	PARTIAL
BaseScore	2.9
VectorString	AV:A/AC:M/Au:N/C:N/I:P/A:N
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	NONE

Created by Yello

About Severity.io