Details of VAR-202010-1270

ID

VAR-202010-1270

CVE

CVE-2020-9868

TITLE

plural Apple Product validation vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-010562

DESCRIPTION

A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. The following products and versions are affected: iOS prior to 13.6, iPadOS prior to 13.6, macOS Catalina prior to 10.15.6, tvOS prior to 13.4.8, and watchOS prior to 6.2.8 have been fixed

Trust: 1.8

sources: NVD: CVE-2020-9868 // JVNDB: JVNDB-2020-010562 // VULHUB: VHN-187993 // VULMON: CVE-2020-9868

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	13.4.8	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.6	Trust: 1.0
vendor:	apple	model:	ios	scope:	eq	version:	13.6 未満 (iphone 6s 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.6 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	6.2.8 未満 (apple watch series 1 以降)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.6 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.6 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.8 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.8 未満 (apple tv hd)	Trust: 0.8

sources: JVNDB: JVNDB-2020-010562 // NVD: CVE-2020-9868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9868
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-010562
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202010-1212
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-187993
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9868
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9868
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-010562
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187993
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9868
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010562
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187993 // VULMON: CVE-2020-9868 // JVNDB: JVNDB-2020-010562 // CNNVD: CNNVD-202010-1212 // NVD: CVE-2020-9868

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-187993 // JVNDB: JVNDB-2020-010562 // NVD: CVE-2020-9868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1212

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1212

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010562

PATCH

title:	HT211291	url:	https://support.apple.com/en-us/HT211291	Trust: 0.8
title:	HT211288	url:	https://support.apple.com/en-us/HT211288	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/en-us/HT211289	Trust: 0.8
title:	HT211290	url:	https://support.apple.com/en-us/HT211290	Trust: 0.8
title:	HT211288	url:	https://support.apple.com/ja-jp/HT211288	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/ja-jp/HT211289	Trust: 0.8
title:	HT211290	url:	https://support.apple.com/ja-jp/HT211290	Trust: 0.8
title:	HT211291	url:	https://support.apple.com/ja-jp/HT211291	Trust: 0.8
title:	Apple Repair measures for vulnerabilities in trust management issues of multiple products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131675	Trust: 0.6

sources: JVNDB: JVNDB-2020-010562 // CNNVD: CNNVD-202010-1212

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9868	Trust: 2.6
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010562	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1212	Trust: 0.7
db:	CNVD	id:	CNVD-2020-61932	Trust: 0.1
db:	VULHUB	id:	VHN-187993	Trust: 0.1
db:	VULMON	id:	CVE-2020-9868	Trust: 0.1

sources: VULHUB: VHN-187993 // VULMON: CVE-2020-9868 // JVNDB: JVNDB-2020-010562 // CNNVD: CNNVD-202010-1212 // NVD: CVE-2020-9868

REFERENCES

url:	https://support.apple.com/kb/ht211288	Trust: 1.8
url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://support.apple.com/kb/ht211290	Trust: 1.8
url:	https://support.apple.com/kb/ht211291	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9868	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9868	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht211291	Trust: 0.6
url:	https://support.apple.com/en-us/ht211290	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-187993 // VULMON: CVE-2020-9868 // JVNDB: JVNDB-2020-010562 // CNNVD: CNNVD-202010-1212 // NVD: CVE-2020-9868

SOURCES

db:	VULHUB	id:	VHN-187993
db:	VULMON	id:	CVE-2020-9868
db:	JVNDB	id:	JVNDB-2020-010562
db:	CNNVD	id:	CNNVD-202010-1212
db:	NVD	id:	CVE-2020-9868

LAST UPDATE DATE

2024-11-23T20:19:11.677000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187993	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2020-9868	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-010562	date:	2021-01-27T05:46:57
db:	CNNVD	id:	CNNVD-202010-1212	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2020-9868	date:	2024-11-21T05:41:26.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187993	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9868	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-010562	date:	2021-01-27T05:46:57
db:	CNNVD	id:	CNNVD-202010-1212	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9868	date:	2020-10-22T18:15:14.050