ID

VAR-202006-1644


CVE

CVE-2020-9856


TITLE

macOS Catalina Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006282

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Core Virtual Machine Service caches. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. CVMS is one of the core virtual machine server components. An attacker could exploit this vulnerability to elevate privileges.

Trust: 2.43

sources: NVD: CVE-2020-9856 // JVNDB: JVNDB-2020-006282 // ZDI: ZDI-20-680 // VULHUB: VHN-187981 // VULMON: CVE-2020-9856

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.13.6

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.14.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.13

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.14.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.14

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.4

Trust: 0.8

vendor: apple, model: macos, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-20-680 // JVNDB: JVNDB-2020-006282 // NVD: CVE-2020-9856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9856
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006282
value: MEDIUM

Trust: 0.8

ZDI: CVE-2020-9856
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202005-1303
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187981
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9856
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9856
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006282
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187981
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9856
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-9856
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-680 // VULHUB: VHN-187981 // VULMON: CVE-2020-9856 // JVNDB: JVNDB-2020-006282 // CNNVD: CNNVD-202005-1303 // NVD: CVE-2020-9856

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-187981 // JVNDB: JVNDB-2020-006282 // NVD: CVE-2020-9856

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1303

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1303

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006282

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-187981

PATCH

title: HT211170, url: https://support.apple.com/en-us/HT211170

Trust: 0.8

title: HT211170, url: https://support.apple.com/ja-jp/HT211170

Trust: 0.8

title: -, url: https://support.apple.com/en-gb/HT211170

Trust: 0.7

title: Apple macOS Catalina CVMS Fix for component buffer error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121264

Trust: 0.6

sources: ZDI: ZDI-20-680 // JVNDB: JVNDB-2020-006282 // CNNVD: CNNVD-202005-1303

EXTERNAL IDS

db: NVD, id: CVE-2020-9856

Trust: 3.3

db: ZDI, id: ZDI-20-680

Trust: 1.3

db: PACKETSTORM, id: 159447

Trust: 0.8

db: JVN, id: JVNVU98042162

Trust: 0.8

db: JVNDB, id: JVNDB-2020-006282

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-10775

Trust: 0.7

db: CNNVD, id: CNNVD-202005-1303

Trust: 0.7

db: AUSCERT, id: ESB-2020.1859

Trust: 0.6

db: NSFOCUS, id: 48620

Trust: 0.6

db: CNVD, id: CNVD-2020-34639

Trust: 0.1

db: VULHUB, id: VHN-187981

Trust: 0.1

db: VULMON, id: CVE-2020-9856

Trust: 0.1

sources: ZDI: ZDI-20-680 // VULHUB: VHN-187981 // VULMON: CVE-2020-9856 // JVNDB: JVNDB-2020-006282 // CNNVD: CNNVD-202005-1303 // NVD: CVE-2020-9856

REFERENCES

url:https://support.apple.com/ht211170

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9856

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9856

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98042162/index.html

Trust: 0.8

url:https://support.apple.com/en-gb/ht211170

Trust: 0.7

url:https://packetstormsecurity.com/files/159447/safari-type-confusion-sandbox-escape.html

Trust: 0.7

url:https://support.apple.com/en-us/ht211170

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1859/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343

Trust: 0.6

url:https://support.apple.com/kb/ht211170

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-680/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48620

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/exploit/osx/browser/safari_in_operator_side_effect/

Trust: 0.1

sources: ZDI: ZDI-20-680 // VULHUB: VHN-187981 // VULMON: CVE-2020-9856 // JVNDB: JVNDB-2020-006282 // CNNVD: CNNVD-202005-1303 // NVD: CVE-2020-9856

CREDITS

@jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech

Trust: 0.7

sources: ZDI: ZDI-20-680

SOURCES

db: ZDI, id: ZDI-20-680
db: VULHUB, id: VHN-187981
db: VULMON, id: CVE-2020-9856
db: JVNDB, id: JVNDB-2020-006282
db: CNNVD, id: CNNVD-202005-1303
db: NVD, id: CVE-2020-9856

LAST UPDATE DATE

2024-11-23T21:31:29.479000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-680, date: 2020-05-28T00:00:00
db: VULHUB, id: VHN-187981, date: 2022-03-31T00:00:00
db: VULMON, id: CVE-2020-9856, date: 2022-03-31T00:00:00
db: JVNDB, id: JVNDB-2020-006282, date: 2020-07-06T00:00:00
db: CNNVD, id: CNNVD-202005-1303, date: 2022-04-01T00:00:00
db: NVD, id: CVE-2020-9856, date: 2024-11-21T05:41:25.117

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-680, date: 2020-05-28T00:00:00
db: VULHUB, id: VHN-187981, date: 2020-06-09T00:00:00
db: VULMON, id: CVE-2020-9856, date: 2020-06-09T00:00:00
db: JVNDB, id: JVNDB-2020-006282, date: 2020-07-06T00:00:00
db: CNNVD, id: CNNVD-202005-1303, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2020-9856, date: 2020-06-09T17:15:15.410