Details of VAR-202010-1255

ID

VAR-202010-1255

CVE

CVE-2020-9774

TITLE

Apple macOS Catalina and Apple macOS High Sierra Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202010-1469

DESCRIPTION

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed. Apple macOS High Sierra and Apple macOS Catalina are a set of dedicated operating systems developed by Apple for Mac computers. Apple macOS Catalina versions prior to 10.15.3 have a security vulnerability that stems from an issue when Siri advises users to access encrypted data, which could be inappropriately accessed

Trust: 1.08

sources: NVD: CVE-2020-9774 // VULHUB: VHN-187899 // VULMON: CVE-2020-9774

AFFECTED PRODUCTS

vendor:

apple

model:

mac os x

scope:

version:

10.15.3

Trust: 1.0

sources: NVD: CVE-2020-9774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9774
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202010-1469
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187899
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9774
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9774
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-187899
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9774
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-187899 // VULMON: CVE-2020-9774 // CNNVD: CNNVD-202010-1469 // NVD: CVE-2020-9774

PROBLEMTYPE DATA

problemtype:

CWE-311

Trust: 1.1

sources: VULHUB: VHN-187899 // NVD: CVE-2020-9774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1469

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1469

PATCH

title:

Apple macOS Catalina and High Sierra Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131867

Trust: 0.6

sources: CNNVD: CNNVD-202010-1469

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9774	Trust: 1.8
db:	CNNVD	id:	CNNVD-202010-1469	Trust: 0.7
db:	CNVD	id:	CNVD-2020-61028	Trust: 0.1
db:	VULHUB	id:	VHN-187899	Trust: 0.1
db:	VULMON	id:	CVE-2020-9774	Trust: 0.1

sources: VULHUB: VHN-187899 // VULMON: CVE-2020-9774 // CNNVD: CNNVD-202010-1469 // NVD: CVE-2020-9774

REFERENCES

url:	https://support.apple.com/en-us/ht210919	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9774	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-187899 // VULMON: CVE-2020-9774 // CNNVD: CNNVD-202010-1469 // NVD: CVE-2020-9774

SOURCES

db:	VULHUB	id:	VHN-187899
db:	VULMON	id:	CVE-2020-9774
db:	CNNVD	id:	CNNVD-202010-1469
db:	NVD	id:	CVE-2020-9774

LAST UPDATE DATE

2024-11-23T22:16:17.236000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187899	date:	2020-10-30T00:00:00
db:	VULMON	id:	CVE-2020-9774	date:	2020-10-30T00:00:00
db:	CNNVD	id:	CNNVD-202010-1469	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-9774	date:	2024-11-21T05:41:15.053

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187899	date:	2020-10-27T00:00:00
db:	VULMON	id:	CVE-2020-9774	date:	2020-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-1469	date:	2020-10-27T00:00:00
db:	NVD	id:	CVE-2020-9774	date:	2020-10-27T21:15:15.320