CVE-2021-1799

medium

Description

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

References

https://support.apple.com/en-us/HT212146

https://support.apple.com/en-us/HT212152

https://support.apple.com/en-us/HT212149

https://support.apple.com/en-us/HT212147

https://support.apple.com/en-us/HT212148

https://lists.fedoraproject.org/archives/list/[email protected]/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/

https://security.gentoo.org/glsa/202104-03

Details

Source: MITRE

Published: 2021-04-02

Updated: 2021-06-02

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 155421 | Oracle Linux 8 : GNOME (ELSA-2021-4381) | Nessus | Oracle Linux Local Security Checks | high |
| 155153 | RHEL 8 : GNOME (RHSA-2021:4381) | Nessus | Red Hat Local Security Checks | high |
| 155097 | CentOS 8 : GNOME (CESA-2021:4381) | Nessus | CentOS Local Security Checks | high |
| 150913 | SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:1990-1) | Nessus | SuSE Local Security Checks | critical |
| 149570 | openSUSE Security Update : webkit2gtk3 (openSUSE-2021-637) | Nessus | SuSE Local Security Checks | critical |
| 149278 | SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1499-1) | Nessus | SuSE Local Security Checks | critical |
| 149222 | GLSA-202104-03 : WebkitGTK+: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 149203 | SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1) | Nessus | SuSE Local Security Checks | critical |
| 148891 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : WebKitGTK vulnerabilities (USN-4894-1) | Nessus | Ubuntu Local Security Checks | critical |
| 148804 | Fedora 32 : webkit2gtk3 (2021-619711d709) | Nessus | Fedora Local Security Checks | critical |
| 148778 | Fedora 33 : webkit2gtk3 (2021-864dc37032) | Nessus | Fedora Local Security Checks | critical |
| 148236 | Debian DSA-4877-1 : webkit2gtk - security update | Nessus | Debian Local Security Checks | critical |
| 146086 | macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147) | Nessus | MacOS X Local Security Checks | high |
| 145548 | Apple iOS < 14.4 Multiple Vulnerabilities | Nessus | Mobile Devices | high |