CVE-2021-37786

low-risk
Published 2021-09-27

Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
PHYSICAL / LOW complexity

Affected Products (1)

Covid Certificate

Affected Vendors

Bag

References (2)

Exploit https://github.com/admin-ch/CovidCertificate-App-iOS/issues/146
Exploit https://github.com/admin-ch/CovidCertificate-App-iOS/issues/146
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal