Sign-up

ID

VAR-202010-1293


CVE

CVE-2020-9892


TITLE

plural Apple Multiple memory corruption vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010472

DESCRIPTION

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets

Trust: 1.8

sources: NVD: CVE-2020-9892 // JVNDB: JVNDB-2020-010472 // VULHUB: VHN-188017 // VULMON: CVE-2020-9892

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010472 // NVD: CVE-2020-9892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9892
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010472
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1220
value: HIGH

Trust: 0.6

VULHUB: VHN-188017
value: HIGH

Trust: 0.1

VULMON: CVE-2020-9892
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9892
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010472
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188017
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9892
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010472
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188017 // VULMON: CVE-2020-9892 // JVNDB: JVNDB-2020-010472 // CNNVD: CNNVD-202010-1220 // NVD: CVE-2020-9892

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-188017 // JVNDB: JVNDB-2020-010472 // NVD: CVE-2020-9892

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1220

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1220

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010472

PATCH
title:HT211291url:https://support.apple.com/en-us/HT211291
Trust: 0.8
title:HT211288url:https://support.apple.com/en-us/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/en-us/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/en-us/HT211290
Trust: 0.8
title:HT211288url:https://support.apple.com/ja-jp/HT211288
Trust: 0.8
title:HT211289url:https://support.apple.com/ja-jp/HT211289
Trust: 0.8
title:HT211290url:https://support.apple.com/ja-jp/HT211290
Trust: 0.8
title:HT211291url:https://support.apple.com/ja-jp/HT211291
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-010472

EXTERNAL IDS
db:NVDid:CVE-2020-9892
Trust: 2.6
db:JVNid:JVNVU94090210
Trust: 0.8
db:JVNDBid:JVNDB-2020-010472
Trust: 0.8
db:CNNVDid:CNNVD-202010-1220
Trust: 0.7
db:NSFOCUSid:50085
Trust: 0.6
db:CNVDid:CNVD-2020-65942
Trust: 0.1
db:VULHUBid:VHN-188017
Trust: 0.1
db:VULMONid:CVE-2020-9892
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188017 // 
            
            
            
            VULMON: CVE-2020-9892 // 
            
            
            
            JVNDB: JVNDB-2020-010472 // 
            
            
            
            CNNVD: CNNVD-202010-1220 // 
            
            
            
            NVD: CVE-2020-9892

REFERENCES
url:https://support.apple.com/kb/ht211288
Trust: 1.8
url:https://support.apple.com/kb/ht211289
Trust: 1.8
url:https://support.apple.com/kb/ht211290
Trust: 1.8
url:https://support.apple.com/kb/ht211291
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-9892
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9892
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94090210/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211291
Trust: 0.6
url:https://vigilance.fr/vulnerability/freebsd-xnu-ios-macos-use-after-free-via-ip6-exthdr-check-34916
Trust: 0.6
url:http://www.nsfocus.net/vulndb/50085
Trust: 0.6
url:https://support.apple.com/en-us/ht211290
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-188017 // 
            
            
            
            VULMON: CVE-2020-9892 // 
            
            
            
            JVNDB: JVNDB-2020-010472 // 
            
            
            
            CNNVD: CNNVD-202010-1220 // 
            
            
            
            NVD: CVE-2020-9892

SOURCES
db:VULHUBid:VHN-188017
db:VULMONid:CVE-2020-9892
db:JVNDBid:JVNDB-2020-010472
db:CNNVDid:CNNVD-202010-1220
db:NVDid:CVE-2020-9892

LAST UPDATE DATE
2024-11-23T20:51:13.516000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-188017date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9892date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-010472date:2021-01-19T05:15:49
db:CNNVDid:CNNVD-202010-1220date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9892date:2024-11-21T05:41:28.867

SOURCES RELEASE DATE
db:VULHUBid:VHN-188017date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9892date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010472date:2021-01-19T05:15:49
db:CNNVDid:CNNVD-202010-1220date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9892date:2020-10-22T18:15:15.317