ID

VAR-202012-1514


CVE

CVE-2020-9945


TITLE

URL processing spoofing vulnerability in macOS and Safari

Trust: 0.8

sources: JVNDB: JVNDB-2020-014207

DESCRIPTION

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. There is a spoofing vulnerability in the processing of URLs in macOS and Safari, because there is a flaw in the processing related to input validation. The address bar can be spoofed through visits to a malicious website. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models).

Trust: 1.71

sources: NVD: CVE-2020-9945 // JVNDB: JVNDB-2020-014207 // VULHUB: VHN-188070

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 11.0.1

Trust: 1.0

vendor: apple, model: safari, scope: lt, version: 14.0.1

Trust: 1.0

vendor: アップル, model: apple mac os x, scope: lt, version: (mac mini 2014 or later)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (macbook air 2013 or later)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (imac pro all models)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (imac 2014 or later)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (macbook pro late 2013 or later)

Trust: 0.8

vendor: アップル, model: safari, scope: -, version: -

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (mac pro 2013 or later)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: lt, version: (macbook 2015 or later)

Trust: 0.8

vendor: アップル, model: apple mac os x, scope: eq, version: 11.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-014207 // NVD: CVE-2020-9945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9945
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9945
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-188070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9945
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-188070
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9945
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-9945
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188070 // JVNDB: JVNDB-2020-014207 // CNNVD: CNNVD-202011-1362 // NVD: CVE-2020-9945

PROBLEMTYPE DATA

problemtype: CWE-1021

Trust: 1.0

problemtype: Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014207 // NVD: CVE-2020-9945

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1362

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1362

PATCH

title: HT211931 Apple Security update, url: https://support.apple.com/en-us/HT211931

Trust: 0.8

title: Apple Safari Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134657

Trust: 0.6

sources: JVNDB: JVNDB-2020-014207 // CNNVD: CNNVD-202011-1362

EXTERNAL IDS

db: NVD, id: CVE-2020-9945

Trust: 2.5

db: JVN, id: JVNVU99462952

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014207

Trust: 0.8

db: AUSCERT, id: ESB-2020.4060

Trust: 0.6

db: AUSCERT, id: ESB-2020.4060.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1362

Trust: 0.6

db: VULHUB, id: VHN-188070

Trust: 0.1

sources: VULHUB: VHN-188070 // JVNDB: JVNDB-2020-014207 // CNNVD: CNNVD-202011-1362 // NVD: CVE-2020-9945

REFERENCES

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url:https://support.apple.com/en-us/ht211931

Trust: 1.7

url:https://support.apple.com/en-us/ht211934

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9945

Trust: 1.4

url:https://jvn.jp/vu/jvnvu99462952/

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

sources: VULHUB: VHN-188070 // JVNDB: JVNDB-2020-014207 // CNNVD: CNNVD-202011-1362 // NVD: CVE-2020-9945

SOURCES

db: VULHUB, id: VHN-188070
db: JVNDB, id: JVNDB-2020-014207
db: CNNVD, id: CNNVD-202011-1362
db: NVD, id: CVE-2020-9945

LAST UPDATE DATE

2024-11-23T19:52:34.724000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-188070, date: 2022-06-02T00:00:00
db: JVNDB, id: JVNDB-2020-014207, date: 2021-08-11T03:01:00
db: CNNVD, id: CNNVD-202011-1362, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-9945, date: 2024-11-21T05:41:34.543

SOURCES RELEASE DATE

db: VULHUB, id: VHN-188070, date: 2020-12-08T00:00:00
db: JVNDB, id: JVNDB-2020-014207, date: 2021-08-11T00:00:00
db: CNNVD, id: CNNVD-202011-1362, date: 2020-11-13T00:00:00
db: NVD, id: CVE-2020-9945, date: 2020-12-08T20:15:16.557