ID

VAR-202010-1300


CVE

CVE-2020-9901


TITLE

Vulnerabilities in multiple Apple products related to symbolic link path validation logic

Trust: 0.8

sources: JVNDB: JVNDB-2020-012697

DESCRIPTION

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. Multiple Apple products contain a vulnerability in the path validation logic for symbolic links, caused by a flaw in the path sanitization process. A local attacker could elevate privileges. Apple iOS and the other affected systems are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets.

Trust: 1.8

sources: NVD: CVE-2020-9901 // JVNDB: JVNDB-2020-012697 // VULHUB: VHN-188026 // VULMON: CVE-2020-9901

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.15.6

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 13.6

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 13.4.8

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 13.6

Trust: 1.0

vendor: アップル, model: tvos, scope: lt, version: 13.4.8 less than (apple tv 4k)

Trust: 0.8

vendor: アップル, model: tvos, scope: lt, version: 13.4.8 less than (apple tv hd)

Trust: 0.8

vendor: アップル, model: ipados, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012697 // NVD: CVE-2020-9901

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-9901
value: HIGH

Trust: 1.0

NVD: CVE-2020-9901
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1229
value: HIGH

Trust: 0.6

VULHUB: VHN-188026
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9901
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-9901
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188026
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-9901
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9901
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188026 // VULMON: CVE-2020-9901 // JVNDB: JVNDB-2020-012697 // CNNVD: CNNVD-202010-1229 // NVD: CVE-2020-9901

PROBLEMTYPE DATA

problemtype: CWE-59

Trust: 1.1

problemtype: Link interpretation problem (CWE-59) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-188026 // JVNDB: JVNDB-2020-012697 // NVD: CVE-2020-9901

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1229

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202010-1229

PATCH

title: HT211289 Apple Security update, url: https://support.apple.com/en-us/HT211288

Trust: 0.8

title: Apple Repair measures for post-link vulnerabilities in multiple products, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131845

Trust: 0.6

sources: JVNDB: JVNDB-2020-012697 // CNNVD: CNNVD-202010-1229

EXTERNAL IDS

db: NVD, id: CVE-2020-9901

Trust: 2.6

db: JVN, id: JVNVU94090210

Trust: 0.8

db: JVNDB, id: JVNDB-2020-012697

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1229

Trust: 0.7

db: NSFOCUS, id: 50059

Trust: 0.6

db: CNVD, id: CNVD-2020-61930

Trust: 0.1

db: VULHUB, id: VHN-188026

Trust: 0.1

db: VULMON, id: CVE-2020-9901

Trust: 0.1

sources: VULHUB: VHN-188026 // VULMON: CVE-2020-9901 // JVNDB: JVNDB-2020-012697 // CNNVD: CNNVD-202010-1229 // NVD: CVE-2020-9901

REFERENCES

url: https://support.apple.com/kb/ht211288

Trust: 1.8

url: https://support.apple.com/kb/ht211289

Trust: 1.8

url: https://support.apple.com/kb/ht211290

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-9901

Trust: 1.4

url: http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url: http://www.nsfocus.net/vulndb/50059

Trust: 0.6

url: https://support.apple.com/en-us/ht211290

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/59.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188026 // VULMON: CVE-2020-9901 // JVNDB: JVNDB-2020-012697 // CNNVD: CNNVD-202010-1229 // NVD: CVE-2020-9901

SOURCES

db: VULHUB, id: VHN-188026
db: VULMON, id: CVE-2020-9901
db: JVNDB, id: JVNDB-2020-012697
db: CNNVD, id: CNNVD-202010-1229
db: NVD, id: CVE-2020-9901

LAST UPDATE DATE

2024-11-23T19:56:04.492000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-188026, date: 2023-01-09T00:00:00
db: VULMON, id: CVE-2020-9901, date: 2020-10-29T00:00:00
db: JVNDB, id: JVNDB-2020-012697, date: 2021-05-24T06:32:00
db: CNNVD, id: CNNVD-202010-1229, date: 2021-10-29T00:00:00
db: NVD, id: CVE-2020-9901, date: 2024-11-21T05:41:29.713

SOURCES RELEASE DATE

db: VULHUB, id: VHN-188026, date: 2020-10-22T00:00:00
db: VULMON, id: CVE-2020-9901, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2020-012697, date: 2021-05-24T00:00:00
db: CNNVD, id: CNNVD-202010-1229, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-9901, date: 2020-10-22T19:15:14.103