| CVE-2021-37786 | Medium damage | 4.6 |
| Very difficult to exploit |
| (other affected products) | Published: Mon Sep 27 14:15:00 2021 UTC. Last Modified: Thu Oct 7 14:19:00 2021 UTC |
CPE matches: cpe:2.3:a:bag:covid_certificate:*:*:*:*:*:iphone_os:*:* && versionEndIncluding=2.2.0
Description
Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code.
Damage
- Full Denial Of Service (DoS).
Attack conditions
- Attacking requires physical access to the vulnerable component and can be done by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (CVSSv3)
Type of bug(s)
- CWE-755, Improper Handling of Exceptional Conditions: The software does not handle or incorrectly handles an exceptional condition.