Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

Related CPE's

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

References

http://seclists.org/fulldisclosure/2021/Oct/61

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/62

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/63

Mailing ListThird Party Advisory

https://support.apple.com/en-us/HT212814

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212815

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212819

Release NotesVendor Advisory

Weaknesses

[email protected]

Primary
CWE-862

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-19T14:15:08.370

3 years ago

Last modified

2021-11-03T20:15:39.530

3 years ago