Sign-up

ID

VAR-202109-0170


CVE

CVE-2020-27940


TITLE

Fire OS  for  Apple TV  Vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2020-017284

DESCRIPTION

This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app

Trust: 1.8

sources: NVD: CVE-2020-27940 // JVNDB: JVNDB-2020-017284 // VULHUB: VHN-372051 // VULMON: CVE-2020-27940

AFFECTED PRODUCTS

vendor:applemodel:tvscope:ltversion:5.1

Trust: 1.0

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:tvosscope:eqversion:5.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-017284 // NVD: CVE-2020-27940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27940
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-27940
value: MEDIUM

Trust: 0.8

VULHUB: VHN-372051
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27940
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-372051
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27940
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-27940
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372051 // JVNDB: JVNDB-2020-017284 // NVD: CVE-2020-27940

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-017284 // NVD: CVE-2020-27940

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-402

PATCH

title:HT212197 Apple  Security updateurl:https://support.apple.com/en-us/HT212197

Trust: 0.8

title:Apple TV app Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161811

Trust: 0.6

sources: JVNDB: JVNDB-2020-017284 // CNNVD: CNNVD-202109-402

EXTERNAL IDS

db:NVDid:CVE-2020-27940

Trust: 3.4

db:JVNDBid:JVNDB-2020-017284

Trust: 0.8

db:CNNVDid:CNNVD-202109-402

Trust: 0.7

db:VULHUBid:VHN-372051

Trust: 0.1

db:VULMONid:CVE-2020-27940

Trust: 0.1

sources: VULHUB: VHN-372051 // VULMON: CVE-2020-27940 // JVNDB: JVNDB-2020-017284 // CNNVD: CNNVD-202109-402 // NVD: CVE-2020-27940

REFERENCES

url:https://support.apple.com/en-us/ht212197

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27940

Trust: 1.4

url:https://0xra.github.io/posts/apple-tv-code-execution/

Trust: 0.1

sources: VULHUB: VHN-372051 // VULMON: CVE-2020-27940 // JVNDB: JVNDB-2020-017284 // CNNVD: CNNVD-202109-402 // NVD: CVE-2020-27940

SOURCES

db:VULHUBid:VHN-372051
db:VULMONid:CVE-2020-27940
db:JVNDBid:JVNDB-2020-017284
db:CNNVDid:CNNVD-202109-402
db:NVDid:CVE-2020-27940

LAST UPDATE DATE

2024-08-14T15:17:03.763000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372051date:2021-09-21T00:00:00
db:JVNDBid:JVNDB-2020-017284date:2022-08-29T07:45:00
db:CNNVDid:CNNVD-202109-402date:2021-09-10T00:00:00
db:NVDid:CVE-2020-27940date:2021-09-21T14:45:47.283

SOURCES RELEASE DATE

db:VULHUBid:VHN-372051date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2020-017284date:2022-08-29T00:00:00
db:CNNVDid:CNNVD-202109-402date:2021-09-08T00:00:00
db:NVDid:CVE-2020-27940date:2021-09-08T15:15:08.990