ID

VAR-202010-1299


CVE

CVE-2020-9900


TITLE

Path validation logic vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010475

DESCRIPTION

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. Multiple Apple products contain a flaw in the path sanitization process for symbolic links due to a flaw in the path validation logic. A local attacker could elevate privileges. Apple tvOS and the other affected systems are all products of Apple. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system.

Trust: 1.8

sources: NVD: CVE-2020-9900 // JVNDB: JVNDB-2020-010475 // VULHUB: VHN-188025 // VULMON: CVE-2020-9900

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.15.6

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 6.2.8

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 13.6

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 13.4.8

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 13.6

Trust: 1.0

vendor: apple, model: ios, scope: eq, version: less than 13.6 (iphone 6s and later)

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.15.5

Trust: 0.8

vendor: apple, model: ipados, scope: eq, version: less than 13.6 (ipad mini 4 and later)

Trust: 0.8

vendor: apple, model: watchos, scope: eq, version: less than 6.2.8 (apple watch series 1 and later)

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: less than 13.6 (ipod touch 7th generation)

Trust: 0.8

vendor: apple, model: ipados, scope: eq, version: less than 13.6 (ipad air 2 and later)

Trust: 0.8

vendor: apple, model: tvos, scope: eq, version: less than 13.4.8 (apple tv 4k)

Trust: 0.8

vendor: apple, model: tvos, scope: eq, version: less than 13.4.8 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2020-010475 // NVD: CVE-2020-9900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9900
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010475
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1223
value: HIGH

Trust: 0.6

VULHUB: VHN-188025
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9900
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9900
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010475
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188025
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9900
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010475
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188025 // VULMON: CVE-2020-9900 // JVNDB: JVNDB-2020-010475 // CNNVD: CNNVD-202010-1223 // NVD: CVE-2020-9900

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.9

sources: VULHUB: VHN-188025 // JVNDB: JVNDB-2020-010475 // NVD: CVE-2020-9900

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1223

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202010-1223

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010475

PATCH

title: HT211291, url: https://support.apple.com/en-us/HT211291

Trust: 0.8

title: HT211288, url: https://support.apple.com/en-us/HT211288

Trust: 0.8

title: HT211289, url: https://support.apple.com/en-us/HT211289

Trust: 0.8

title: HT211290, url: https://support.apple.com/en-us/HT211290

Trust: 0.8

title: HT211288, url: https://support.apple.com/ja-jp/HT211288

Trust: 0.8

title: HT211289, url: https://support.apple.com/ja-jp/HT211289

Trust: 0.8

title: HT211290, url: https://support.apple.com/ja-jp/HT211290

Trust: 0.8

title: HT211291, url: https://support.apple.com/ja-jp/HT211291

Trust: 0.8

title: Apple tvOS Post-link vulnerability fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131684

Trust: 0.6

sources: JVNDB: JVNDB-2020-010475 // CNNVD: CNNVD-202010-1223

EXTERNAL IDS

db: NVD, id: CVE-2020-9900

Trust: 2.6

db: JVN, id: JVNVU94090210

Trust: 0.8

db: JVNDB, id: JVNDB-2020-010475

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1223

Trust: 0.7

db: NSFOCUS, id: 50017

Trust: 0.6

db: CNVD, id: CNVD-2020-65945

Trust: 0.1

db: VULHUB, id: VHN-188025

Trust: 0.1

db: VULMON, id: CVE-2020-9900

Trust: 0.1

sources: VULHUB: VHN-188025 // VULMON: CVE-2020-9900 // JVNDB: JVNDB-2020-010475 // CNNVD: CNNVD-202010-1223 // NVD: CVE-2020-9900

REFERENCES

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211290

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9900

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9900

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50017

Trust: 0.6

url:https://support.apple.com/en-us/ht211290

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/59.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188025 // VULMON: CVE-2020-9900 // JVNDB: JVNDB-2020-010475 // CNNVD: CNNVD-202010-1223 // NVD: CVE-2020-9900

SOURCES

db: VULHUB, id: VHN-188025
db: VULMON, id: CVE-2020-9900
db: JVNDB, id: JVNDB-2020-010475
db: CNNVD, id: CNNVD-202010-1223
db: NVD, id: CVE-2020-9900

LAST UPDATE DATE

2024-11-23T20:32:51.085000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-188025, date: 2023-01-09T00:00:00
db: VULMON, id: CVE-2020-9900, date: 2020-10-27T00:00:00
db: JVNDB, id: JVNDB-2020-010475, date: 2021-01-19T05:15:54
db: CNNVD, id: CNNVD-202010-1223, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2020-9900, date: 2024-11-21T05:41:29.610

SOURCES RELEASE DATE

db: VULHUB, id: VHN-188025, date: 2020-10-22T00:00:00
db: VULMON, id: CVE-2020-9900, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2020-010475, date: 2021-01-19T05:15:54
db: CNNVD, id: CNNVD-202010-1223, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-9900, date: 2020-10-22T18:15:15.533