Sign-up

ID

VAR-202010-1303


CVE

CVE-2020-9904


TITLE

plural  Apple  Memory corruption vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012698

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. Apple watchOS and so on are all products of Apple (Apple). Apple watchOS is a smart watch operating system. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers

Trust: 1.8

sources: NVD: CVE-2020-9904 // JVNDB: JVNDB-2020-012698 // VULHUB: VHN-188029 // VULMON: CVE-2020-9904

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:ltversion:6.2.8 less than (apple watch series 1 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2020-012698 // NVD: CVE-2020-9904

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9904
value: HIGH

Trust: 1.0

NVD: CVE-2020-9904
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1231
value: HIGH

Trust: 0.6

VULHUB: VHN-188029
value: HIGH

Trust: 0.1

VULMON: CVE-2020-9904
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9904
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188029
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9904
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9904
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188029 // VULMON: CVE-2020-9904 // JVNDB: JVNDB-2020-012698 // CNNVD: CNNVD-202010-1231 // NVD: CVE-2020-9904

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-188029 // JVNDB: JVNDB-2020-012698 // NVD: CVE-2020-9904

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1231

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1231

PATCH

title:HT211290 Apple  Security updateurl:https://support.apple.com/en-us/HT211288

Trust: 0.8

title:Multiple Apple Product security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=132072

Trust: 0.6

sources: JVNDB: JVNDB-2020-012698 // CNNVD: CNNVD-202010-1231

EXTERNAL IDS

db:NVDid:CVE-2020-9904

Trust: 2.6

db:JVNid:JVNVU94090210

Trust: 0.8

db:JVNDBid:JVNDB-2020-012698

Trust: 0.8

db:CNNVDid:CNNVD-202010-1231

Trust: 0.7

db:NSFOCUSid:50122

Trust: 0.6

db:CNVDid:CNVD-2020-61632

Trust: 0.1

db:VULHUBid:VHN-188029

Trust: 0.1

db:VULMONid:CVE-2020-9904

Trust: 0.1

sources: VULHUB: VHN-188029 // VULMON: CVE-2020-9904 // JVNDB: JVNDB-2020-012698 // CNNVD: CNNVD-202010-1231 // NVD: CVE-2020-9904

REFERENCES

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211290

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9904

Trust: 1.4

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50122

Trust: 0.6

url:https://support.apple.com/en-us/ht211290

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-188029 // VULMON: CVE-2020-9904 // JVNDB: JVNDB-2020-012698 // CNNVD: CNNVD-202010-1231 // NVD: CVE-2020-9904

SOURCES

db:VULHUBid:VHN-188029
db:VULMONid:CVE-2020-9904
db:JVNDBid:JVNDB-2020-012698
db:CNNVDid:CNNVD-202010-1231
db:NVDid:CVE-2020-9904

LAST UPDATE DATE

2024-11-23T21:25:14.670000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188029date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9904date:2020-10-29T00:00:00
db:JVNDBid:JVNDB-2020-012698date:2021-05-24T06:32:00
db:CNNVDid:CNNVD-202010-1231date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9904date:2024-11-21T05:41:30.013

SOURCES RELEASE DATE

db:VULHUBid:VHN-188029date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9904date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-012698date:2021-05-24T00:00:00
db:CNNVDid:CNNVD-202010-1231date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9904date:2020-10-22T19:15:14.260