CVE-2021-30720

Published: Sep 8, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

Affected (6)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Tvos, Watchos

6 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 14.6
Apple Iphone Os	Before 14.6
Apple Macos	From 11.0.1 to 11.4
Apple Safari	Before 14.1.1
Apple Tvos	Before 14.6
Apple Watchos	Before 7.5

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.