Sign-up

ID

VAR-202006-1630


CVE

CVE-2020-9835


TITLE

iOS and iPadOS In FaceTime Video Pause Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-006228

DESCRIPTION

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the FaceTime component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2020-9835 // JVNDB: JVNDB-2020-006228 // VULHUB: VHN-187960 // VULMON: CVE-2020-9835

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.5.1 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.5.1 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5.1 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.5.1 未満 (ipad air 2 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2020-006228 // NVD: CVE-2020-9835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9835
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006228
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-1332
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187960
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9835
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9835
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006228
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187960
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9835
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006228
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187960 // VULMON: CVE-2020-9835 // JVNDB: JVNDB-2020-006228 // CNNVD: CNNVD-202005-1332 // NVD: CVE-2020-9835

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-187960 // JVNDB: JVNDB-2020-006228 // NVD: CVE-2020-9835

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1332

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1332

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006228

PATCH
title:HT211168url:https://support.apple.com/en-us/HT211168
Trust: 0.8
title:HT211168url:https://support.apple.com/ja-jp/HT211168
Trust: 0.8
title:Apple iOS  and Apple iPadOS FaceTime Fixes for component input validation error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=121125
Trust: 0.6
title:Apple: iOS 13.5 and iPadOS 13.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c2f9abae95d3b17bb43cb6b3ff77ccfd
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-9835 // 
            
            
            
            JVNDB: JVNDB-2020-006228 // 
            
            
            
            CNNVD: CNNVD-202005-1332

EXTERNAL IDS
db:NVDid:CVE-2020-9835
Trust: 2.6
db:JVNid:JVNVU98042162
Trust: 0.8
db:JVNDBid:JVNDB-2020-006228
Trust: 0.8
db:CNNVDid:CNNVD-202005-1332
Trust: 0.7
db:AUSCERTid:ESB-2020.1855
Trust: 0.6
db:CNVDid:CNVD-2020-33212
Trust: 0.1
db:VULHUBid:VHN-187960
Trust: 0.1
db:VULMONid:CVE-2020-9835
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187960 // 
            
            
            
            VULMON: CVE-2020-9835 // 
            
            
            
            JVNDB: JVNDB-2020-006228 // 
            
            
            
            CNNVD: CNNVD-202005-1332 // 
            
            
            
            NVD: CVE-2020-9835

REFERENCES
url:https://support.apple.com/ht211168
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9835
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9835
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98042162/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht211168
Trust: 0.7
url:https://support.apple.com/en-us/ht211168
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1855/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187960 // 
            
            
            
            VULMON: CVE-2020-9835 // 
            
            
            
            JVNDB: JVNDB-2020-006228 // 
            
            
            
            CNNVD: CNNVD-202005-1332 // 
            
            
            
            NVD: CVE-2020-9835

CREDITS
Olivier Levesque (@olilevesque)
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202005-1332

SOURCES
db:VULHUBid:VHN-187960
db:VULMONid:CVE-2020-9835
db:JVNDBid:JVNDB-2020-006228
db:CNNVDid:CNNVD-202005-1332
db:NVDid:CVE-2020-9835

LAST UPDATE DATE
2024-11-23T21:06:41.629000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187960date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9835date:2020-06-10T00:00:00
db:JVNDBid:JVNDB-2020-006228date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202005-1332date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9835date:2024-11-21T05:41:22.363

SOURCES RELEASE DATE
db:VULHUBid:VHN-187960date:2020-06-09T00:00:00
db:VULMONid:CVE-2020-9835date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006228date:2020-07-03T00:00:00
db:CNNVDid:CNNVD-202005-1332date:2020-05-20T00:00:00
db:NVDid:CVE-2020-9835date:2020-06-09T17:15:14.427