Sign-up

ID

VAR-202006-1625


CVE

CVE-2020-9830


TITLE

macOS Catalina Memory Corruption Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006223

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components

Trust: 1.71

sources: NVD: CVE-2020-9830 // JVNDB: JVNDB-2020-006223 // VULHUB: VHN-187955

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.8

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.4

Trust: 0.8

sources: JVNDB: JVNDB-2020-006223 // NVD: CVE-2020-9830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9830
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006223
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1267
value: HIGH

Trust: 0.6

VULHUB: VHN-187955
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9830
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006223
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187955
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9830
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006223
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187955 // JVNDB: JVNDB-2020-006223 // CNNVD: CNNVD-202005-1267 // NVD: CVE-2020-9830

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-187955 // JVNDB: JVNDB-2020-006223 // NVD: CVE-2020-9830

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1267

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1267

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006223

PATCH
title:HT211170url:https://support.apple.com/en-us/HT211170
Trust: 0.8
title:HT211170url:https://support.apple.com/ja-jp/HT211170
Trust: 0.8
title:Apple macOS Catalina Wi-Fi Fix for component buffer error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121123
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006223 // 
            
            
            
            CNNVD: CNNVD-202005-1267

EXTERNAL IDS
db:NVDid:CVE-2020-9830
Trust: 2.5
db:JVNid:JVNVU98042162
Trust: 0.8
db:JVNDBid:JVNDB-2020-006223
Trust: 0.8
db:AUSCERTid:ESB-2020.1859
Trust: 0.6
db:NSFOCUSid:48541
Trust: 0.6
db:CNNVDid:CNNVD-202005-1267
Trust: 0.6
db:CNVDid:CNVD-2020-32218
Trust: 0.1
db:VULHUBid:VHN-187955
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187955 // 
            
            
            
            JVNDB: JVNDB-2020-006223 // 
            
            
            
            CNNVD: CNNVD-202005-1267 // 
            
            
            
            NVD: CVE-2020-9830

REFERENCES
url:https://support.apple.com/ht211170
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-9830
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9830
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98042162/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht211168
Trust: 0.6
url:https://support.apple.com/en-us/ht211170
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1859/
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343
Trust: 0.6
url:https://support.apple.com/en-us/ht211168
Trust: 0.6
url:https://support.apple.com/kb/ht211170
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48541
Trust: 0.6
sources:
            
            
            VULHUB: VHN-187955 // 
            
            
            
            JVNDB: JVNDB-2020-006223 // 
            
            
            
            CNNVD: CNNVD-202005-1267 // 
            
            
            
            NVD: CVE-2020-9830

CREDITS
Tielei Wang of Pangu Lab
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202005-1267

SOURCES
db:VULHUBid:VHN-187955
db:JVNDBid:JVNDB-2020-006223
db:CNNVDid:CNNVD-202005-1267
db:NVDid:CVE-2020-9830

LAST UPDATE DATE
2024-11-23T21:30:44.118000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187955date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-006223date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202005-1267date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9830date:2024-11-21T05:41:21.827

SOURCES RELEASE DATE
db:VULHUBid:VHN-187955date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006223date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202005-1267date:2020-05-26T00:00:00
db:NVDid:CVE-2020-9830date:2020-06-09T17:15:14.097