Sign-up

ID

VAR-202006-1641


CVE

CVE-2020-9851


TITLE

macOS Catalina Access vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006140

DESCRIPTION

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. PackageKit is one of the open source application software suites, which is mainly used for the installation and upgrade of Linux software. A security vulnerability exists in the PackageKit component of Apple macOS Catalina versions prior to 10.15.5

Trust: 1.8

sources: NVD: CVE-2020-9851 // JVNDB: JVNDB-2020-006140 // VULHUB: VHN-187976 // VULMON: CVE-2020-9851

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.4

Trust: 0.8

sources: JVNDB: JVNDB-2020-006140 // NVD: CVE-2020-9851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9851
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006140
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-1278
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187976
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9851
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9851
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006140
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187976
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9851
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006140
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187976 // VULMON: CVE-2020-9851 // JVNDB: JVNDB-2020-006140 // CNNVD: CNNVD-202005-1278 // NVD: CVE-2020-9851

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-732

Trust: 0.9

sources: VULHUB: VHN-187976 // JVNDB: JVNDB-2020-006140 // NVD: CVE-2020-9851

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1278

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1278

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006140

PATCH
title:HT211170url:https://support.apple.com/en-us/HT211170
Trust: 0.8
title:HT211170url:https://support.apple.com/ja-jp/HT211170
Trust: 0.8
title:Apple macOS Catalina PackageKit Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121023
Trust: 0.6
title:Apple: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierraurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=18d2b84c501f56d4d090c6cfd170dcdf
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-9851 // 
            
            
            
            JVNDB: JVNDB-2020-006140 // 
            
            
            
            CNNVD: CNNVD-202005-1278

EXTERNAL IDS
db:NVDid:CVE-2020-9851
Trust: 2.6
db:JVNid:JVNVU98042162
Trust: 0.8
db:JVNDBid:JVNDB-2020-006140
Trust: 0.8
db:CNNVDid:CNNVD-202005-1278
Trust: 0.7
db:AUSCERTid:ESB-2020.1859
Trust: 0.6
db:NSFOCUSid:48628
Trust: 0.6
db:CNVDid:CNVD-2020-34632
Trust: 0.1
db:VULHUBid:VHN-187976
Trust: 0.1
db:VULMONid:CVE-2020-9851
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187976 // 
            
            
            
            VULMON: CVE-2020-9851 // 
            
            
            
            JVNDB: JVNDB-2020-006140 // 
            
            
            
            CNNVD: CNNVD-202005-1278 // 
            
            
            
            NVD: CVE-2020-9851

REFERENCES
url:https://support.apple.com/ht211170
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9851
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9851
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98042162/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht211170
Trust: 0.7
url:https://support.apple.com/en-us/ht211170
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48628
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1859/
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187976 // 
            
            
            
            VULMON: CVE-2020-9851 // 
            
            
            
            JVNDB: JVNDB-2020-006140 // 
            
            
            
            CNNVD: CNNVD-202005-1278 // 
            
            
            
            NVD: CVE-2020-9851

CREDITS
Linus Henze (pinauten.de)
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202005-1278

SOURCES
db:VULHUBid:VHN-187976
db:VULMONid:CVE-2020-9851
db:JVNDBid:JVNDB-2020-006140
db:CNNVDid:CNNVD-202005-1278
db:NVDid:CVE-2020-9851

LAST UPDATE DATE
2024-11-23T19:26:59.315000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187976date:2021-07-21T00:00:00
db:VULMONid:CVE-2020-9851date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-006140date:2020-07-01T00:00:00
db:CNNVDid:CNNVD-202005-1278date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9851date:2024-11-21T05:41:24.520

SOURCES RELEASE DATE
db:VULHUBid:VHN-187976date:2020-06-09T00:00:00
db:VULMONid:CVE-2020-9851date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006140date:2020-07-01T00:00:00
db:CNNVDid:CNNVD-202005-1278date:2020-05-26T00:00:00
db:NVDid:CVE-2020-9851date:2020-06-09T17:15:15.223