CVE-2021-32755 — MEDIUM (5.4)

Vulnerability Description

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new websocket implementation is not configured to enforce certificate pinning when available. Certificate pinning for the new websocket is enforced in version 3.84 or above.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wire	Wire	< 3.84
Apple	Iphone Os	>= 13.0

Related Weaknesses (CWE)

CWE-295

References

https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vjThird Party Advisory
https://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-v8mx-h3vjThird Party Advisory

FAQ

What is CVE-2021-32755?

CVE-2021-32755 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a...

How severe is CVE-2021-32755?

CVE-2021-32755 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32755?

Check the references section above for vendor advisories and patch information. Affected products include: Wire Wire, Apple Iphone Os.