CVE-2021-32755
low-risk
Published 2021-07-13
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Wire
Affected Vendors
References (2)
Third Party Advisory
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj...
Third Party Advisory
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vj...
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal