Details of VAR-202010-1305

ID

VAR-202010-1305

CVE

CVE-2020-9796

TITLE

mac OS Race condition vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010560

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers

Trust: 1.8

sources: NVD: CVE-2020-9796 // JVNDB: JVNDB-2020-010560 // VULHUB: VHN-187921 // VULMON: CVE-2020-9796

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8

sources: JVNDB: JVNDB-2020-010560 // NVD: CVE-2020-9796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9796
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-010560
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1207
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187921
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9796
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9796
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-010560
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187921
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9796
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010560
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187921 // VULMON: CVE-2020-9796 // JVNDB: JVNDB-2020-010560 // CNNVD: CNNVD-202010-1207 // NVD: CVE-2020-9796

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-187921 // JVNDB: JVNDB-2020-010560 // NVD: CVE-2020-9796

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1207

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1207

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010560

PATCH

title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/ja-jp/HT211170	Trust: 0.8
title:	Apple macOS Catalina Repair measures for the competition condition problem loophole	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131674	Trust: 0.6

sources: JVNDB: JVNDB-2020-010560 // CNNVD: CNNVD-202010-1207

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9796	Trust: 2.6
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010560	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1207	Trust: 0.7
db:	CNVD	id:	CNVD-2020-60725	Trust: 0.1
db:	VULHUB	id:	VHN-187921	Trust: 0.1
db:	VULMON	id:	CVE-2020-9796	Trust: 0.1

sources: VULHUB: VHN-187921 // VULMON: CVE-2020-9796 // JVNDB: JVNDB-2020-010560 // CNNVD: CNNVD-202010-1207 // NVD: CVE-2020-9796

REFERENCES

url:	https://support.apple.com/kb/ht211170	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9796	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9796	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-187921 // VULMON: CVE-2020-9796 // JVNDB: JVNDB-2020-010560 // CNNVD: CNNVD-202010-1207 // NVD: CVE-2020-9796

SOURCES

db:	VULHUB	id:	VHN-187921
db:	VULMON	id:	CVE-2020-9796
db:	JVNDB	id:	JVNDB-2020-010560
db:	CNNVD	id:	CNNVD-202010-1207
db:	NVD	id:	CVE-2020-9796

LAST UPDATE DATE

2024-11-23T21:05:54.438000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187921	date:	2020-10-27T00:00:00
db:	VULMON	id:	CVE-2020-9796	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-010560	date:	2021-01-27T05:46:54
db:	CNNVD	id:	CNNVD-202010-1207	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9796	date:	2024-11-21T05:41:18.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187921	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9796	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-010560	date:	2021-01-27T05:46:54
db:	CNNVD	id:	CNNVD-202010-1207	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9796	date:	2020-10-22T18:15:13.597