ID

VAR-202010-1263


CVE

CVE-2020-9857


TITLE

Apple macOS Catalina Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202005-1280

DESCRIPTION

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, and Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari. Apple iOS, etc. are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. NSURL is one of the components for handling URLs (Uniform Resource Locators). A security vulnerability exists in the NSURL component in versions prior to Apple macOS Catalina 10.15.5. Apple macOS Catalina could allow a remote malicious user to obtain sensitive information because of an issue in the parsing of URLs in the NSURL component.

Trust: 1.08

sources: NVD: CVE-2020-9857 // VULHUB: VHN-187982 // VULMON: CVE-2020-9857

AFFECTED PRODUCTS

vendor: apple
model: mac os x
scope: lt
version: 10.15.5

Trust: 1.0

sources: NVD: CVE-2020-9857

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-9857
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202005-1280
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187982
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9857
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-9857
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-187982
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-9857
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-187982 // VULMON: CVE-2020-9857 // CNNVD: CNNVD-202005-1280 // NVD: CVE-2020-9857

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2020-9857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1280

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202005-1280

PATCH

title: Apple macOS Catalina NSURL Fixes for component security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119702

Trust: 0.6

title: Apple: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=18d2b84c501f56d4d090c6cfd170dcdf

Trust: 0.1

sources: VULMON: CVE-2020-9857 // CNNVD: CNNVD-202005-1280

EXTERNAL IDS

db: NVD, id: CVE-2020-9857

Trust: 1.8

db: CNNVD, id: CNNVD-202005-1280

Trust: 0.7

db: AUSCERT, id: ESB-2020.1859

Trust: 0.6

db: CNVD, id: CNVD-2020-49318

Trust: 0.1

db: VULHUB, id: VHN-187982

Trust: 0.1

db: VULMON, id: CVE-2020-9857

Trust: 0.1

sources: VULHUB: VHN-187982 // VULMON: CVE-2020-9857 // CNNVD: CNNVD-202005-1280 // NVD: CVE-2020-9857

REFERENCES

url: https://support.apple.com/en-us/ht211170

Trust: 1.8

url: https://www.auscert.org.au/bulletins/esb-2020.1859/

Trust: 0.6

url: https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343

Trust: 0.6

url: https://support.apple.com/kb/ht211170

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-9857

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/182660

Trust: 0.1

sources: VULHUB: VHN-187982 // VULMON: CVE-2020-9857 // CNNVD: CNNVD-202005-1280 // NVD: CVE-2020-9857

SOURCES

db: VULHUB, id: VHN-187982
db: VULMON, id: CVE-2020-9857
db: CNNVD, id: CNNVD-202005-1280
db: NVD, id: CVE-2020-9857

LAST UPDATE DATE

2024-11-23T20:01:07.719000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187982, date: 2020-10-29T00:00:00
db: VULMON, id: CVE-2020-9857, date: 2020-10-29T00:00:00
db: CNNVD, id: CNNVD-202005-1280, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-9857, date: 2024-11-21T05:41:25.217

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187982, date: 2020-10-27T00:00:00
db: VULMON, id: CVE-2020-9857, date: 2020-10-27T00:00:00
db: CNNVD, id: CNNVD-202005-1280, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2020-9857, date: 2020-10-27T21:15:15.510