CVE-2021-30908
Published on: 08/24/2021 12:00:00 AM UTC
Last Modified on: 11/07/2023 03:33:00 AM UTC
Certain versions of Macos from Apple contain the following vulnerability:
An authentication issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen.
- CVE-2021-30908 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
- Affected Vendor/Software: Apple - macOS version < 12.0
- Affected Vendor/Software: Apple - macOS version < 11.6
CVSS3 Score: 3.3 - LOW
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 1.9 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
About the security content of macOS Monterey 12.0.1 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT212869 |
About the security content of macOS Big Sur 11.6.1 - Apple Support | support.apple.com text/html | MISC support.apple.com/en-us/HT212872 |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | Macos | All | All | All | All |
Operating System | Apple | Macos | 12.0 | All | All | All |
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@management_sun | IT Risk:Apple.macOS Big Surに複数の脆弱性 -2/3 CVE-2021-30912 CVE-2021-30911 CVE-2021-30910 CVE-2021-30909 CVE-2021-30908… twitter.com/i/web/status/1… | 2021-10-27 12:26:54 |
/r/k12cybersecurity | MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution | 2021-10-27 16:01:10 |