ID

VAR-202012-0751


CVE

CVE-2020-27900


TITLE

Snapshot handling vulnerability in macOS

Trust: 0.8

sources: JVNDB: JVNDB-2020-014243

DESCRIPTION

An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models).

Trust: 1.71

sources: NVD: CVE-2020-27900 // JVNDB: JVNDB-2020-014243 // VULHUB: VHN-372011

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: lt, version: 11.0.1

Trust: 1.0

vendor: Apple, model: apple mac os x, scope: lt, version: (macbook pro late 2013 or later)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (imac pro all models)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (mac mini 2014 or later)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (macbook air 2013 or later)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: eq, version: -

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (imac 2014 or later)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: eq, version: 11.0.1

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (mac pro 2013 or later)

Trust: 0.8

vendor: Apple, model: apple mac os x, scope: lt, version: (macbook 2015 or later)

Trust: 0.8

sources: JVNDB: JVNDB-2020-014243 // NVD: CVE-2020-27900

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-27900
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-27900
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1355
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372011
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-27900
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-372011
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-27900
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-27900
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372011 // JVNDB: JVNDB-2020-014243 // CNNVD: CNNVD-202011-1355 // NVD: CVE-2020-27900

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

problemtype: CWE-200

Trust: 0.1

sources: VULHUB: VHN-372011 // JVNDB: JVNDB-2020-014243 // NVD: CVE-2020-27900

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1355

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202011-1355

PATCH

title: HT211931 Apple Security update
url: https://support.apple.com/en-us/HT211931

Trust: 0.8

title: Apple NSRemoteView Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136649

Trust: 0.6

sources: JVNDB: JVNDB-2020-014243 // CNNVD: CNNVD-202011-1355

EXTERNAL IDS

db: NVD, id: CVE-2020-27900

Trust: 2.5

db: JVN, id: JVNVU99462952

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014243

Trust: 0.8

db: AUSCERT, id: ESB-2020.4060

Trust: 0.6

db: AUSCERT, id: ESB-2020.4060.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1355

Trust: 0.6

db: VULHUB, id: VHN-372011

Trust: 0.1

sources: VULHUB: VHN-372011 // JVNDB: JVNDB-2020-014243 // CNNVD: CNNVD-202011-1355 // NVD: CVE-2020-27900

REFERENCES

url: http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url: https://support.apple.com/en-us/ht211931

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-27900

Trust: 1.4

url: http://jvn.jp/vu/jvnvu99462952/

Trust: 0.8

url: https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.4060/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

sources: VULHUB: VHN-372011 // JVNDB: JVNDB-2020-014243 // CNNVD: CNNVD-202011-1355 // NVD: CVE-2020-27900

SOURCES

db: VULHUB, id: VHN-372011
db: JVNDB, id: JVNDB-2020-014243
db: CNNVD, id: CNNVD-202011-1355
db: NVD, id: CVE-2020-27900

LAST UPDATE DATE

2024-11-23T21:21:59.336000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372011, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-014243, date: 2021-08-12T08:50:00
db: CNNVD, id: CNNVD-202011-1355, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-27900, date: 2024-11-21T05:22:00.797

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372011, date: 2020-12-08T00:00:00
db: JVNDB, id: JVNDB-2020-014243, date: 2021-08-12T00:00:00
db: CNNVD, id: CNNVD-202011-1355, date: 2020-11-13T00:00:00
db: NVD, id: CVE-2020-27900, date: 2020-12-08T21:15:12.890