CVE-2021-1799
Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 02 Apr 2021, 18:04
Last modified:03 Aug 2024, 16:25
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.13% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Apr 2021, 18:04
Published
Vulnerability first disclosed
03 Aug 2024, 16:25
Last Modified
Vulnerability information updated
Description
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.13%• Percentile: 32%
Affected Systems
- apple•ios and ipados
≥ unspecified, < 14.4
- apple•ipad_os
< 14.4
- apple•iphone_os
< 14.4
- apple•macos
≥ 11.0.1, < 11.2 | ≥ unspecified, < 11.2 | ≥ unspecified, < 7.3 | ≥ unspecified, < 14.4 | ≥ unspecified, < 14.0
- apple•safari
< 14.0.3
- apple•tvos
< 14.4
- apple•watchos
< 7.3
- fedoraproject•fedora
32 | 33
- Unknown•WebKitGTK
< 2.30.6
References (8)
- https://support.apple.com/en-us/HT212147
- https://support.apple.com/en-us/HT212146
- https://support.apple.com/en-us/HT212148
- https://support.apple.com/en-us/HT212149
- https://support.apple.com/en-us/HT212152
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- https://security.gentoo.org/glsa/202104-03