CVE-2021-1799:

Port redirection vulnerability in Apple products allowing malicious websites to access restricted ports on arbitrary servers.

Score
A numerical rating that indicates how dangerous this vulnerability is.

6.5Medium

Published Date:Apr 2, 2021
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:32%

Exploitability

Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:UNCHANGED

Impact

Score:3.6
Confidentiality Impact:NONE
Integrity Impact:HIGH
Availability Impact:NONE

Description Preview

Port redirection vulnerability in Apple products allowing malicious websites to access restricted ports on arbitrary servers.

Overview

The vulnerability exists in multiple Apple products including macOS, iOS, iPadOS, tvOS, watchOS, and Safari. The flaw involves insufficient validation of network ports, which could allow a malicious website to redirect traffic to restricted ports on arbitrary servers. This could potentially enable attackers to probe internal networks, access sensitive services, or conduct server-side request forgery (SSRF) attacks. The issue affects all versions of the affected products prior to the security updates released by Apple in early 2021.

Remediation

To mitigate this vulnerability, users should update to the following versions or later:
macOS Big Sur 11.2
Security Update 2021-001 Catalina
Security Update 2021-001 Mojave
tvOS 14.4
watchOS 7.3
iOS 14.4
iPadOS 14.4
Safari 14.0.3
The updates implement additional port validation to prevent malicious websites from accessing restricted ports on arbitrary servers. It is recommended to apply these updates as soon as possible to protect against potential exploitation of this vulnerability.