Details of VAR-202012-1511

ID

VAR-202012-1511

CVE

CVE-2020-9942

TITLE

macOS and Safari User Interface Mismatch Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014204

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. macOS and Safari Exists in a user interface mismatch vulnerability due to poor state management.malicious Web The address bar can be spoofed through access to the site. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Trust: 1.8

sources: NVD: CVE-2020-9942 // JVNDB: JVNDB-2020-014204 // VULHUB: VHN-188067 // VULMON: CVE-2020-9942

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	13.1.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(mac mini 2014 or later )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(macbook air 2013 or later )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(imac pro all models )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(imac 2014 or later )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(macbook pro late 2013 or later )	Trust: 0.8
vendor:	アップル	model:	safari	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(mac pro 2013 or later )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	lt	version:	(macbook 2015 or later )	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	11.0.1	Trust: 0.8

sources: JVNDB: JVNDB-2020-014204 // NVD: CVE-2020-9942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9942
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9942
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1349
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-188067
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9942
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9942
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-188067
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9942
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9942
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188067 // VULMON: CVE-2020-9942 // JVNDB: JVNDB-2020-014204 // CNNVD: CNNVD-202011-1349 // NVD: CVE-2020-9942

PROBLEMTYPE DATA

problemtype:	CWE-1021	Trust: 1.0
problemtype:	Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014204 // NVD: CVE-2020-9942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1349

PATCH

title:	HT211292 Apple Security update	url:	https://support.apple.com/en-us/HT211292	Trust: 0.8
title:	Apple Safari Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134644	Trust: 0.6

sources: JVNDB: JVNDB-2020-014204 // CNNVD: CNNVD-202011-1349

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9942	Trust: 2.6
db:	JVN	id:	JVNVU99462952	Trust: 0.8
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014204	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4060	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1349	Trust: 0.6
db:	VULHUB	id:	VHN-188067	Trust: 0.1
db:	VULMON	id:	CVE-2020-9942	Trust: 0.1

sources: VULHUB: VHN-188067 // VULMON: CVE-2020-9942 // JVNDB: JVNDB-2020-014204 // CNNVD: CNNVD-202011-1349 // NVD: CVE-2020-9942

REFERENCES

url:	http://seclists.org/fulldisclosure/2020/dec/32	Trust: 1.9
url:	https://support.apple.com/en-us/ht211292	Trust: 1.8
url:	https://support.apple.com/en-us/ht211931	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9942	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99462952/index.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/1021.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-188067 // VULMON: CVE-2020-9942 // JVNDB: JVNDB-2020-014204 // CNNVD: CNNVD-202011-1349 // NVD: CVE-2020-9942

SOURCES

db:	VULHUB	id:	VHN-188067
db:	VULMON	id:	CVE-2020-9942
db:	JVNDB	id:	JVNDB-2020-014204
db:	CNNVD	id:	CNNVD-202011-1349
db:	NVD	id:	CVE-2020-9942

LAST UPDATE DATE

2024-11-23T20:34:23.790000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188067	date:	2022-06-02T00:00:00
db:	VULMON	id:	CVE-2020-9942	date:	2020-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-014204	date:	2021-08-11T03:01:00
db:	CNNVD	id:	CNNVD-202011-1349	date:	2020-12-24T00:00:00
db:	NVD	id:	CVE-2020-9942	date:	2024-11-21T05:41:34.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188067	date:	2020-12-08T00:00:00
db:	VULMON	id:	CVE-2020-9942	date:	2020-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-014204	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202011-1349	date:	2020-11-13T00:00:00
db:	NVD	id:	CVE-2020-9942	date:	2020-12-08T20:15:16.230