Sign-up

ID

VAR-202006-1616


CVE

CVE-2020-9820


TITLE

iOS and iPadOS Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006286

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. iOS and iPadOS Exists in a logic vulnerability due to a flaw in the processing of restrictions.A local attacker could modify the file system. apple's iPadOS and iOS Exists in unspecified vulnerabilities.Information may be tampered with. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. File System is one of the file system components

Trust: 2.43

sources: NVD: CVE-2020-9820 // JVNDB: JVNDB-2020-006286 // JVNDB: JVNDB-2020-018290 // VULHUB: VHN-187945

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:ipadosscope:eqversion:13.5 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.5 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5 未満 (iphone 6s 以降)

Trust: 0.8

vendor:アップルmodel:ipadosscope:eqversion:13.5

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006286 // JVNDB: JVNDB-2020-018290 // NVD: CVE-2020-9820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9820
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006286
value: HIGH

Trust: 0.8

NVD: CVE-2020-9820
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1335
value: HIGH

Trust: 0.6

VULHUB: VHN-187945
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9820
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: JVNDB-2020-006286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187945
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9820
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006286
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

NVD: CVE-2020-9820
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187945 // JVNDB: JVNDB-2020-006286 // JVNDB: JVNDB-2020-018290 // CNNVD: CNNVD-202005-1335 // NVD: CVE-2020-9820

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018290 // NVD: CVE-2020-9820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1335

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1335

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006286

PATCH
title:HT211168url:https://support.apple.com/en-us/HT211168
Trust: 1.6
title:HT211168url:https://support.apple.com/ja-jp/HT211168
Trust: 0.8
title:Apple iOS  and Apple iPadOS File System Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121269
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006286 // 
            
            
            
            JVNDB: JVNDB-2020-018290 // 
            
            
            
            CNNVD: CNNVD-202005-1335

EXTERNAL IDS
db:NVDid:CVE-2020-9820
Trust: 4.1
db:JVNid:JVNVU98042162
Trust: 0.8
db:JVNDBid:JVNDB-2020-006286
Trust: 0.8
db:JVNDBid:JVNDB-2020-018290
Trust: 0.8
db:CNNVDid:CNNVD-202005-1335
Trust: 0.7
db:AUSCERTid:ESB-2020.1855
Trust: 0.6
db:NSFOCUSid:49310
Trust: 0.6
db:CNVDid:CNVD-2020-33209
Trust: 0.1
db:VULHUBid:VHN-187945
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187945 // 
            
            
            
            JVNDB: JVNDB-2020-006286 // 
            
            
            
            JVNDB: JVNDB-2020-018290 // 
            
            
            
            CNNVD: CNNVD-202005-1335 // 
            
            
            
            NVD: CVE-2020-9820

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-9820
Trust: 2.2
url:https://support.apple.com/ht211168
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9820
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98042162/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht211168
Trust: 0.6
url:https://support.apple.com/en-us/ht211168
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1855/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/49310
Trust: 0.6
sources:
            
            
            VULHUB: VHN-187945 // 
            
            
            
            JVNDB: JVNDB-2020-006286 // 
            
            
            
            JVNDB: JVNDB-2020-018290 // 
            
            
            
            CNNVD: CNNVD-202005-1335 // 
            
            
            
            NVD: CVE-2020-9820

CREDITS
Thijs Alkemade of Computest
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202005-1335

SOURCES
db:VULHUBid:VHN-187945
db:JVNDBid:JVNDB-2020-006286
db:JVNDBid:JVNDB-2020-018290
db:CNNVDid:CNNVD-202005-1335
db:NVDid:CVE-2020-9820

LAST UPDATE DATE
2024-11-23T19:41:16.815000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187945date:2020-06-11T00:00:00
db:JVNDBid:JVNDB-2020-006286date:2020-07-06T00:00:00
db:JVNDBid:JVNDB-2020-018290date:2024-07-18T09:05:00
db:CNNVDid:CNNVD-202005-1335date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9820date:2024-11-21T05:41:20.713

SOURCES RELEASE DATE
db:VULHUBid:VHN-187945date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006286date:2020-07-06T00:00:00
db:JVNDBid:JVNDB-2020-018290date:2024-07-18T00:00:00
db:CNNVDid:CNNVD-202005-1335date:2020-05-20T00:00:00
db:NVDid:CVE-2020-9820date:2020-06-09T17:15:13.457