Vulnerabilities

CVE-2021-30874

November 19, 2021

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

Summary:

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission.

Reference Links(if available):

https://support.apple.com/en-us/HT212814

https://support.apple.com/kb/HT212869

CVSS Score (if available)

v2: / HIGHAV:N/AC:L/Au:N/C:N/I:P/A:N

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Links to Exploits(if available)

Tags: CVE, CVE-2021-30874, MISC, Vendor Advisory, vulnerability

CVE-2021-30874

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/