{"api_version":"1","generated_at":"2026-04-23T06:19:01+00:00","cve":"CVE-2021-1815","urls":{"html":"https://cve.report/CVE-2021-1815","api":"https://cve.report/api/cve/CVE-2021-1815.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-1815","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-1815"},"summary":{"title":"CVE-2021-1815","description":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2021-09-08 15:15:00","updated_at":"2022-10-18 17:59:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT212325","name":"https://support.apple.com/en-us/HT212325","refsource":"MISC","tags":[],"title":"About the security content of macOS Big Sur 11.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324","refsource":"MISC","tags":[],"title":"About the security content of watchOS 7.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323","refsource":"MISC","tags":[],"title":"About the security content of tvOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317","refsource":"MISC","tags":[],"title":"About the security content of iOS 14.5 and iPadOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-1815","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1815","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"1815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1815","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-1815","qid":"375503","title":"Apple MacOS Big Sur 11.3 Not Installed (HT212325)"},{"cve":"CVE-2021-1815","qid":"610334","title":"Apple iOS 14.5 and iPadOS 14.5 Security Update Missing (HT212317)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-1815","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"7.4"}]}},{"product_name":"macOS","version":{"version_data":[{"version_affected":"<","version_value":"11.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"A local user may be able to modify protected parts of the file system"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212325","name":"https://support.apple.com/en-us/HT212325"}]},"description":{"description_data":[{"lang":"eng","value":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system."}]}},"nvd":{"publishedDate":"2021-09-08 15:15:00","lastModifiedDate":"2022-10-18 17:59:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"1815","Ordinal":"192904","Title":"CVE-2021-1815","CVE":"CVE-2021-1815","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"1815","Ordinal":"1","NoteData":"A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"1815","Ordinal":"2","NoteData":"2021-09-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"1815","Ordinal":"3","NoteData":"2021-09-08","Type":"Other","Title":"Modified"}]}}}