ID

VAR-202006-1642


CVE

CVE-2020-9852


TITLE

Integer overflow vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-006141

DESCRIPTION

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. Apple iOS, iPadOS, macOS Catalina, tvOS and watchOS are all Apple products. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. The vulnerability is in the Kernel component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5.

Trust: 1.71

sources: NVD: CVE-2020-9852 // JVNDB: JVNDB-2020-006141 // VULHUB: VHN-187977

AFFECTED PRODUCTS

vendor: apple, model: tvos, scope: lt, version: 13.4.5

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 13.5

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 13.5

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 6.2.5

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.5

Trust: 1.0

vendor: apple, model: tvos, scope: eq, version: prior to 13.4.5 (apple tv 4k)

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: prior to 13.3.1 (ipod touch 7th generation)

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: prior to 13.3.1 (iphone 6s and later)

Trust: 0.8

vendor: apple, model: watchos, scope: eq, version: prior to 6.2.5 (apple watch series 1 and later)

Trust: 0.8

vendor: apple, model: ipados, scope: eq, version: prior to 13.3.1 (ipad air 2 and later)

Trust: 0.8

vendor: apple, model: tvos, scope: eq, version: prior to 13.4.5 (apple tv hd)

Trust: 0.8

vendor: apple, model: ipados, scope: eq, version: prior to 13.3.1 (ipad mini 4 and later)

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.15.4

Trust: 0.8

sources: JVNDB: JVNDB-2020-006141 // NVD: CVE-2020-9852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9852
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006141
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1287
value: HIGH

Trust: 0.6

VULHUB: VHN-187977
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9852
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006141
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187977
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9852
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006141
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187977 // JVNDB: JVNDB-2020-006141 // CNNVD: CNNVD-202005-1287 // NVD: CVE-2020-9852

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.9

sources: VULHUB: VHN-187977 // JVNDB: JVNDB-2020-006141 // NVD: CVE-2020-9852

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1287

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1287

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006141

PATCH

title: HT211168, url: https://support.apple.com/en-us/HT211168

Trust: 0.8

title: HT211170, url: https://support.apple.com/en-us/HT211170

Trust: 0.8

title: HT211171, url: https://support.apple.com/en-us/HT211171

Trust: 0.8

title: HT211175, url: https://support.apple.com/en-us/HT211175

Trust: 0.8

title: HT211170, url: https://support.apple.com/ja-jp/HT211170

Trust: 0.8

title: HT211171, url: https://support.apple.com/ja-jp/HT211171

Trust: 0.8

title: HT211175, url: https://support.apple.com/ja-jp/HT211175

Trust: 0.8

title: HT211168, url: https://support.apple.com/ja-jp/HT211168

Trust: 0.8

title: Fixes for input validation error vulnerabilities in the Kernel component of multiple Apple products, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121024

Trust: 0.6

sources: JVNDB: JVNDB-2020-006141 // CNNVD: CNNVD-202005-1287

EXTERNAL IDS

db: NVD, id: CVE-2020-9852

Trust: 2.5

db: JVN, id: JVNVU98042162

Trust: 0.8

db: JVNDB, id: JVNDB-2020-006141

Trust: 0.8

db: CNNVD, id: CNNVD-202005-1287

Trust: 0.7

db: AUSCERT, id: ESB-2020.1861

Trust: 0.6

db: NSFOCUS, id: 48547

Trust: 0.6

db: CNVD, id: CNVD-2020-65925

Trust: 0.1

db: VULHUB, id: VHN-187977

Trust: 0.1

sources: VULHUB: VHN-187977 // JVNDB: JVNDB-2020-006141 // CNNVD: CNNVD-202005-1287 // NVD: CVE-2020-9852

REFERENCES

url: https://support.apple.com/ht211168

Trust: 1.7

url: https://support.apple.com/ht211170

Trust: 1.7

url: https://support.apple.com/ht211171

Trust: 1.7

url: https://support.apple.com/ht211175

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-9852

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9852

Trust: 0.8

url: http://jvn.jp/vu/jvnvu98042162/index.html

Trust: 0.8

url: https://support.apple.com/kb/ht211168

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.1861/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/48547

Trust: 0.6

url: https://support.apple.com/en-us/ht211170

Trust: 0.6

url: https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343

Trust: 0.6

url: https://support.apple.com/en-us/ht211168

Trust: 0.6

url: https://support.apple.com/kb/ht211170

Trust: 0.6

sources: VULHUB: VHN-187977 // JVNDB: JVNDB-2020-006141 // CNNVD: CNNVD-202005-1287 // NVD: CVE-2020-9852

SOURCES

db: VULHUB, id: VHN-187977
db: JVNDB, id: JVNDB-2020-006141
db: CNNVD, id: CNNVD-202005-1287
db: NVD, id: CVE-2020-9852

LAST UPDATE DATE

2024-11-23T20:14:06.106000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187977, date: 2023-01-09T00:00:00
db: JVNDB, id: JVNDB-2020-006141, date: 2020-07-01T00:00:00
db: CNNVD, id: CNNVD-202005-1287, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2020-9852, date: 2024-11-21T05:41:24.643

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187977, date: 2020-06-09T00:00:00
db: JVNDB, id: JVNDB-2020-006141, date: 2020-07-01T00:00:00
db: CNNVD, id: CNNVD-202005-1287, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2020-9852, date: 2020-06-09T17:15:15.287