Sign-up

ID

VAR-202010-1266


CVE

CVE-2020-9863


TITLE

plural Apple Product Initialization Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010561

DESCRIPTION

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets

Trust: 1.8

sources: NVD: CVE-2020-9863 // JVNDB: JVNDB-2020-010561 // VULHUB: VHN-187988 // VULMON: CVE-2020-9863

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010561 // NVD: CVE-2020-9863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9863
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010561
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1211
value: HIGH

Trust: 0.6

VULHUB: VHN-187988
value: HIGH

Trust: 0.1

VULMON: CVE-2020-9863
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9863
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010561
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187988
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9863
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010561
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187988 // VULMON: CVE-2020-9863 // JVNDB: JVNDB-2020-010561 // CNNVD: CNNVD-202010-1211 // NVD: CVE-2020-9863

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.9

sources: VULHUB: VHN-187988 // JVNDB: JVNDB-2020-010561 // NVD: CVE-2020-9863

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1211

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1211

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010561

PATCH
title:HT211291url:https://support.apple.com/en-us/HT211291
Trust: 0.8
title:HT211288url:https://support.apple.com/en-us/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/en-us/HT211290
Trust: 0.8
title:HT211288url:https://support.apple.com/ja-jp/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/ja-jp/HT211290
Trust: 0.8
title:HT211291url:https://support.apple.com/ja-jp/HT211291
Trust: 0.8
title:Multiple  Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134457
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010561 // 
            
            
            
            CNNVD: CNNVD-202010-1211

EXTERNAL IDS
db:NVDid:CVE-2020-9863
Trust: 2.6
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-010561
Trust: 0.8
db:CNNVDid:CNNVD-202010-1211
Trust: 0.7
db:NSFOCUSid:50083
Trust: 0.6
db:CNVDid:CNVD-2020-65941
Trust: 0.1
db:VULHUBid:VHN-187988
Trust: 0.1
db:VULMONid:CVE-2020-9863
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187988 // 
            
            
            
            VULMON: CVE-2020-9863 // 
            
            
            
            JVNDB: JVNDB-2020-010561 // 
            
            
            
            CNNVD: CNNVD-202010-1211 // 
            
            
            
            NVD: CVE-2020-9863

REFERENCES
url:https://support.apple.com/kb/ht211288
Trust: 1.8
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://support.apple.com/kb/ht211290
Trust: 1.8
url:https://support.apple.com/kb/ht211291
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9863
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9863
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211291
Trust: 0.6
url:http://www.nsfocus.net/vulndb/50083
Trust: 0.6
url:https://support.apple.com/en-us/ht211290
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/665.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187988 // 
            
            
            
            VULMON: CVE-2020-9863 // 
            
            
            
            JVNDB: JVNDB-2020-010561 // 
            
            
            
            CNNVD: CNNVD-202010-1211 // 
            
            
            
            NVD: CVE-2020-9863

SOURCES
db:VULHUBid:VHN-187988
db:VULMONid:CVE-2020-9863
db:JVNDBid:JVNDB-2020-010561
db:CNNVDid:CNNVD-202010-1211
db:NVDid:CVE-2020-9863

LAST UPDATE DATE
2024-11-23T19:34:08.486000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187988date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9863date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-010561date:2021-01-27T05:46:56
db:CNNVDid:CNNVD-202010-1211date:2021-11-03T00:00:00
db:NVDid:CVE-2020-9863date:2024-11-21T05:41:25.833

SOURCES RELEASE DATE
db:VULHUBid:VHN-187988date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9863date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010561date:2021-01-27T05:46:56
db:CNNVDid:CNNVD-202010-1211date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9863date:2020-10-22T18:15:13.987