Details of VAR-202006-1635

ID

VAR-202006-1635

CVE

CVE-2020-9842

TITLE

plural Apple Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006157

DESCRIPTION

An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. plural Apple The product contains unspecified vulnerabilities due to imperfect checks.Any entitlement may be used through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. AppleMobileFileIntegrity is one of the plugins with file integrity checking function. A security vulnerability exists in the AppleMobileFileIntegrity component of several Apple products. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5

Trust: 1.71

sources: NVD: CVE-2020-9842 // JVNDB: JVNDB-2020-006157 // VULHUB: VHN-187967

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lt	version:	13.4.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	6.2.5 未満 (apple watch series 1 以降 )	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (iphone 6s 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8

sources: JVNDB: JVNDB-2020-006157 // NVD: CVE-2020-9842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9842
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006157
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202005-1317
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187967
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9842
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006157
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187967
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9842
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006157
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187967 // JVNDB: JVNDB-2020-006157 // CNNVD: CNNVD-202005-1317 // NVD: CVE-2020-9842

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-9842

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1317

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1317

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006157

PATCH

title:	HT211168	url:	https://support.apple.com/en-us/HT211168	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/en-us/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/en-us/HT211175	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/ja-jp/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/ja-jp/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/ja-jp/HT211175	Trust: 0.8
title:	HT211168	url:	https://support.apple.com/ja-jp/HT211168	Trust: 0.8
title:	Multiple Apple product AppleMobileFileIntegrity Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121029	Trust: 0.6

sources: JVNDB: JVNDB-2020-006157 // CNNVD: CNNVD-202005-1317

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9842	Trust: 2.5
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006157	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1317	Trust: 0.7
db:	NSFOCUS	id:	48616	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1861	Trust: 0.6
db:	VULHUB	id:	VHN-187967	Trust: 0.1

sources: VULHUB: VHN-187967 // JVNDB: JVNDB-2020-006157 // CNNVD: CNNVD-202005-1317 // NVD: CVE-2020-9842

REFERENCES

url:	https://support.apple.com/ht211168	Trust: 1.7
url:	https://support.apple.com/ht211170	Trust: 1.7
url:	https://support.apple.com/ht211171	Trust: 1.7
url:	https://support.apple.com/ht211175	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9842	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9842	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht211168	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1861/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48616	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343	Trust: 0.6
url:	https://support.apple.com/en-us/ht211168	Trust: 0.6
url:	https://support.apple.com/kb/ht211170	Trust: 0.6

sources: VULHUB: VHN-187967 // JVNDB: JVNDB-2020-006157 // CNNVD: CNNVD-202005-1317 // NVD: CVE-2020-9842

CREDITS

Linus Henze (pinauten.de)

Trust: 0.6

sources: CNNVD: CNNVD-202005-1317

SOURCES

db:	VULHUB	id:	VHN-187967
db:	JVNDB	id:	JVNDB-2020-006157
db:	CNNVD	id:	CNNVD-202005-1317
db:	NVD	id:	CVE-2020-9842

LAST UPDATE DATE

2024-11-23T20:02:37.455000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187967	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006157	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202005-1317	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2020-9842	date:	2024-11-21T05:41:23.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187967	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006157	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202005-1317	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-9842	date:	2020-06-09T17:15:14.800