PT-2021-21870 · Unknown · Covid Certificate Check App+1
Kfmgang
·
Published
2021-09-27
·
Updated
2021-10-07
·
CVE-2021-37786
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
COVID Certificate App IOS versions 2.2.0 and below
COVID Certificate Check App IOS versions 2.2.0 and below
Description:
The issue is related to improper handling of exceptional conditions in certain Federal Office of Information Technology Systems and Telecommunication FOITT products. This could lead to a denial of service, which can be triggered by scanning a crafted QR code. The denial of service is physically proximate.
Recommendations:
For COVID Certificate App IOS versions 2.2.0 and below, a patch is in progress.
For COVID Certificate Check App IOS versions 2.2.0 and below, a patch is in progress.
As a temporary workaround, consider avoiding the use of the QR code scanning feature in the affected apps until a patch is available.
Exploit
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Covid Certificate App
Covid Certificate Check App