Details of VAR-202006-1619

ID

VAR-202006-1619

CVE

CVE-2020-9823

TITLE

iOS and iPadOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006289

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Messages is one of the application components for sending texts, photos and videos. A security vulnerability exists in the Messages component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5

Trust: 1.71

sources: NVD: CVE-2020-9823 // JVNDB: JVNDB-2020-006289 // VULHUB: VHN-187948

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (iphone 6s 以降)	Trust: 0.8

sources: JVNDB: JVNDB-2020-006289 // NVD: CVE-2020-9823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9823
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006289
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-1333
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187948
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9823
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006289
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187948
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9823
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006289
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187948 // JVNDB: JVNDB-2020-006289 // CNNVD: CNNVD-202005-1333 // NVD: CVE-2020-9823

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-9823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1333

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1333

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006289

PATCH

title:	HT211168	url:	https://support.apple.com/en-us/HT211168	Trust: 0.8
title:	HT211168	url:	https://support.apple.com/ja-jp/HT211168	Trust: 0.8

sources: JVNDB: JVNDB-2020-006289

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9823	Trust: 2.5
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006289	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1333	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1855	Trust: 0.6
db:	CNVD	id:	CNVD-2020-33210	Trust: 0.1
db:	VULHUB	id:	VHN-187948	Trust: 0.1

sources: VULHUB: VHN-187948 // JVNDB: JVNDB-2020-006289 // CNNVD: CNNVD-202005-1333 // NVD: CVE-2020-9823

REFERENCES

url:	https://support.apple.com/ht211168	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9823	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9823	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht211168	Trust: 0.6
url:	https://support.apple.com/en-us/ht211168	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1855/	Trust: 0.6

sources: VULHUB: VHN-187948 // JVNDB: JVNDB-2020-006289 // CNNVD: CNNVD-202005-1333 // NVD: CVE-2020-9823

CREDITS

Suryansh Mansharamani,Plainsboro,student of Community Middle School,New Jersey

Trust: 0.6

sources: CNNVD: CNNVD-202005-1333

SOURCES

db:	VULHUB	id:	VHN-187948
db:	JVNDB	id:	JVNDB-2020-006289
db:	CNNVD	id:	CNNVD-202005-1333
db:	NVD	id:	CVE-2020-9823

LAST UPDATE DATE

2024-11-23T20:35:28.805000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187948	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006289	date:	2020-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202005-1333	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9823	date:	2024-11-21T05:41:21.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187948	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006289	date:	2020-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202005-1333	date:	2020-05-20T00:00:00
db:	NVD	id:	CVE-2020-9823	date:	2020-06-09T17:15:13.677