CVE-2021-1799

MEDIUM

Safari < 14.0.3 - Port Redirection via Malicious Website

Title source: llm
STIX 2.1

Description

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

References (8)

Core 8
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212146
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212148
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212149
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212152
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03

Scores

CVSS v3 6.5
EPSS 0.0177
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published
Products (9)
apple/ipad_os < 14.4
apple/iphone_os < 14.4
apple/macos 11.0.1 - 11.2
apple/safari < 14.0.3
apple/tvos < 14.4
apple/watchos < 7.3
fedoraproject/fedora 32
fedoraproject/fedora 33
webkitgtk/webkitgtk < 2.30.6
Published Apr 02, 2021
Tracked Since Feb 18, 2026