CVE-2021-1872
ENISA EUVD: EUVD-2021-7336
✓ Confirmed 0-Day
Triaged: March 20, 2026
4 articles
Published: 2021-09-08
EPSS Score
Source: FIRST.org · 2026-05-23
This CVE has a 0.3% probability of being exploited in the next 30 days.
Top 53.9th percentile of all CVEs
CVSS v3.1
Source: NVD
4.3 MEDIUM
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS v2 (legacy)
4.3 MEDIUM
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
AV:N/AC:M/Au:N/C:N/I:P/A:N
Description
VulnerabilityLookup (CNA)
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.
Affected Products
Apple
iOS and iPadOS
unspecified
Apple
watchOS
unspecified
Apple
macOS
unspecified
https://support.apple.com/en-us/HT212317
x_refsource_MISC
https://support.apple.com/en-us/HT212324
x_refsource_MISC
https://support.apple.com/en-us/HT212325
x_refsource_MISC
Signal Intelligence
Confidence: 92%
EPSS: 0.3%
CVSS v3.1: 4.3
Mentions: 4
Last Seen: Oct 11, 2021
CNA Information
CNA Assigner: apple
Analyst Note
Multiple authoritative sources (BleepingComputer) explicitly document this as a zero-day exploited in the wild against iPhones and Macs by NSO Group spyware, with Apple releasing emergency patches (iOS 15.0.2) to address active exploitation. The timing aligns with simultaneous patch release and exploitation disclosure, meeting zero-day criteria.
Triage Info
Decided at: Mar 20, 2026
Published Date: Sep 08, 2021