Wire
CVE-2021-21301
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.
AnalysisAI
Wire is an open-source collaboration platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75. Affected products include: Wire. Version information: version 3.75.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbi
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer
In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. Rated high severity (CVSS 8.0), this vuln
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads direc
Wire is an open source secure messenger. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for
wire-server provides back end services for Wire, a team communication and collaboration platform. Rated medium severity
wire-ios is an iOS client for the Wire secure messaging application. Rated medium severity (CVSS 6.5), this vulnerabilit
Wire-ios is a messaging application using the wire protocol on apple's ios platform. Rated medium severity (CVSS 6.5), t
wire-ios is the iOS version of Wire, an open-source secure messaging app. Rated medium severity (CVSS 6.5), this vulnera
wire-ios is the iOS version of Wire, an open-source secure messaging app. Rated medium severity (CVSS 6.5), this vulnera
Wire is an open source secure messenger. Rated medium severity (CVSS 4.6), this vulnerability is no authentication requi
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today