CVE-2021-21301 Vulnerability Details

  /     /     /  

CVE-2021-21301 Metadata Quick Info

CVE Published: 11/02/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: GitHub_M | Vendor: wireapp | Product: wire-ios
Status : PUBLISHED

---

CVE-2021-21301 Description

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn\'t stopped in a scenario where a user first has their camera enabled and then disables it. It\'s a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.

Metrics

CVSS Version: 3.1 | Base Score: 2.6 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Information Exposure
Source: wireapp

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).