Sign-up

ID

VAR-202006-1639


CVE

CVE-2020-9848


TITLE

iOS and iPadOS Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006155

DESCRIPTION

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. iOS and iPadOS Is vulnerable to authentication due to poor state management.The content of the notification may be displayed from the lock screen by a person who can physically operate the terminal. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Notifications is one of the notification push components. An information disclosure vulnerability exists in the Notifications component of Apple iOS versions prior to 13.5 and iPadOS versions prior to 13.5

Trust: 1.71

sources: NVD: CVE-2020-9848 // JVNDB: JVNDB-2020-006155 // VULHUB: VHN-187973

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:ipadosscope:eqversion:13.5 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.5 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5 未満 (iphone 6s 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2020-006155 // NVD: CVE-2020-9848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9848
value: LOW

Trust: 1.0

NVD: JVNDB-2020-006155
value: LOW

Trust: 0.8

CNNVD: CNNVD-202005-1331
value: LOW

Trust: 0.6

VULHUB: VHN-187973
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-9848
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006155
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187973
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9848
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006155
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187973 // JVNDB: JVNDB-2020-006155 // CNNVD: CNNVD-202005-1331 // NVD: CVE-2020-9848

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-187973 // JVNDB: JVNDB-2020-006155 // NVD: CVE-2020-9848

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202005-1331

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006155

PATCH
title:HT211168url:https://support.apple.com/en-us/HT211168
Trust: 0.8
title:HT211168url:https://support.apple.com/ja-jp/HT211168
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-006155

EXTERNAL IDS
db:NVDid:CVE-2020-9848
Trust: 2.5
db:JVNid:JVNVU98042162
Trust: 0.8
db:JVNDBid:JVNDB-2020-006155
Trust: 0.8
db:CNNVDid:CNNVD-202005-1331
Trust: 0.7
db:NSFOCUSid:49314
Trust: 0.6
db:AUSCERTid:ESB-2020.1855
Trust: 0.6
db:CNVDid:CNVD-2020-33214
Trust: 0.1
db:VULHUBid:VHN-187973
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187973 // 
            
            
            
            JVNDB: JVNDB-2020-006155 // 
            
            
            
            CNNVD: CNNVD-202005-1331 // 
            
            
            
            NVD: CVE-2020-9848

REFERENCES
url:https://support.apple.com/ht211168
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-9848
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9848
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98042162/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht211168
Trust: 0.6
url:http://www.nsfocus.net/vulndb/49314
Trust: 0.6
url:https://support.apple.com/en-us/ht211168
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1855/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-187973 // 
            
            
            
            JVNDB: JVNDB-2020-006155 // 
            
            
            
            CNNVD: CNNVD-202005-1331 // 
            
            
            
            NVD: CVE-2020-9848

CREDITS
Nima
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202005-1331

SOURCES
db:VULHUBid:VHN-187973
db:JVNDBid:JVNDB-2020-006155
db:CNNVDid:CNNVD-202005-1331
db:NVDid:CVE-2020-9848

LAST UPDATE DATE
2024-11-23T20:52:58.675000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187973date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-006155date:2020-07-02T00:00:00
db:CNNVDid:CNNVD-202005-1331date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9848date:2024-11-21T05:41:23.987

SOURCES RELEASE DATE
db:VULHUBid:VHN-187973date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006155date:2020-07-02T00:00:00
db:CNNVDid:CNNVD-202005-1331date:2020-05-20T00:00:00
db:NVDid:CVE-2020-9848date:2020-06-09T17:15:15.080