Sign-up

ID

VAR-202010-1262


CVE

CVE-2020-9854


TITLE

plural  Apple  Logic vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010593

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. An application may be able to gain elevated privileges. plural Apple A logic vulnerability exists in the product due to a flawed validation.Elevated privileges may be obtained through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets

Trust: 1.8

sources: NVD: CVE-2020-9854 // JVNDB: JVNDB-2020-010593 // VULHUB: VHN-187979 // VULMON: CVE-2020-9854

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.5

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5

Trust: 1.0

vendor:アップルmodel:tvosscope:ltversion:13.4.5 (apple tv 4k)

Trust: 0.8

vendor:アップルmodel:tvosscope:ltversion:13.4.5 (apple tv hd)

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010593 // NVD: CVE-2020-9854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9854
value: HIGH

Trust: 1.0

NVD: CVE-2020-9854
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1210
value: HIGH

Trust: 0.6

VULHUB: VHN-187979
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9854
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9854
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-187979
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9854
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9854
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187979 // VULMON: CVE-2020-9854 // JVNDB: JVNDB-2020-010593 // CNNVD: CNNVD-202010-1210 // NVD: CVE-2020-9854

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010593 // NVD: CVE-2020-9854

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1210

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1210

PATCH

title:HT211170 Apple  Security updateurl:https://support.apple.com/en-us/HT211168

Trust: 0.8

title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134456

Trust: 0.6

title:unauthdurl:https://github.com/A2nkF/unauthd

Trust: 0.1

sources: VULMON: CVE-2020-9854 // JVNDB: JVNDB-2020-010593 // CNNVD: CNNVD-202010-1210

EXTERNAL IDS

db:NVDid:CVE-2020-9854

Trust: 2.6

db:JVNid:JVNVU98042162

Trust: 0.8

db:JVNDBid:JVNDB-2020-010593

Trust: 0.8

db:CNNVDid:CNNVD-202010-1210

Trust: 0.7

db:NSFOCUSid:50063

Trust: 0.6

db:CNVDid:CNVD-2020-65946

Trust: 0.1

db:VULHUBid:VHN-187979

Trust: 0.1

db:VULMONid:CVE-2020-9854

Trust: 0.1

sources: VULHUB: VHN-187979 // VULMON: CVE-2020-9854 // JVNDB: JVNDB-2020-010593 // CNNVD: CNNVD-202010-1210 // NVD: CVE-2020-9854

REFERENCES

url:https://support.apple.com/kb/ht211168

Trust: 1.8

url:https://support.apple.com/kb/ht211170

Trust: 1.8

url:https://support.apple.com/kb/ht211171

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9854

Trust: 1.4

url:http://jvn.jp/vu/jvnvu98042162/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211170

Trust: 0.6

url:https://support.apple.com/en-us/ht211168

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50063

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/a2nkf/unauthd

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-187979 // VULMON: CVE-2020-9854 // JVNDB: JVNDB-2020-010593 // CNNVD: CNNVD-202010-1210 // NVD: CVE-2020-9854

SOURCES

db:VULHUBid:VHN-187979
db:VULMONid:CVE-2020-9854
db:JVNDBid:JVNDB-2020-010593
db:CNNVDid:CNNVD-202010-1210
db:NVDid:CVE-2020-9854

LAST UPDATE DATE

2024-11-23T20:59:47.863000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-187979date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9854date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2020-010593date:2021-01-28T08:11:00
db:CNNVDid:CNNVD-202010-1210date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9854date:2024-11-21T05:41:24.903

SOURCES RELEASE DATE

db:VULHUBid:VHN-187979date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9854date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010593date:2021-01-28T00:00:00
db:CNNVDid:CNNVD-202010-1210date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9854date:2020-10-22T18:15:13.910