Sign-up

ID

VAR-202203-1524


CVE

CVE-2020-20095


TITLE

iMessage iOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016778

DESCRIPTION

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. iMessage (Messages app) iOS Exists in unspecified vulnerabilities.Information may be tampered with. Apple iMessage iOS is an instant messaging service of Apple (Apple)

Trust: 1.71

sources: NVD: CVE-2020-20095 // JVNDB: JVNDB-2019-016778 // VULHUB: VHN-173539

AFFECTED PRODUCTS

vendor:applemodel:imessagescope:lteversion:12.4

Trust: 1.0

vendor:アップルmodel:imessagescope:lteversion:ios 12.4 and earlier

Trust: 0.8

vendor:アップルmodel:imessagescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016778 // NVD: CVE-2020-20095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-20095
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-20095
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-2094
value: MEDIUM

Trust: 0.6

VULHUB: VHN-173539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-20095
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-173539
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-20095
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-20095
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-173539 // JVNDB: JVNDB-2019-016778 // CNNVD: CNNVD-202203-2094 // NVD: CVE-2020-20095

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016778 // NVD: CVE-2020-20095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-2094

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-173539

PATCH
title:Top Pageurl:https://www.apple.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-016778

EXTERNAL IDS
db:NVDid:CVE-2020-20095
Trust: 3.3
db:PACKETSTORMid:166448
Trust: 2.5
db:JVNDBid:JVNDB-2019-016778
Trust: 0.8
db:CNNVDid:CNNVD-202203-2094
Trust: 0.7
db:CXSECURITYid:WLB-2022030121
Trust: 0.6
db:VULHUBid:VHN-173539
Trust: 0.1
sources:
            
            
            VULHUB: VHN-173539 // 
            
            
            
            JVNDB: JVNDB-2019-016778 // 
            
            
            
            CNNVD: CNNVD-202203-2094 // 
            
            
            
            NVD: CVE-2020-20095

REFERENCES
url:http://packetstormsecurity.com/files/166448/rtlo-injection-uri-spoofing.html
Trust: 3.1
url:https://github.com/zadewg/rius
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-20095
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2020-20095/
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2022030121
Trust: 0.6
sources:
            
            
            VULHUB: VHN-173539 // 
            
            
            
            JVNDB: JVNDB-2019-016778 // 
            
            
            
            CNNVD: CNNVD-202203-2094 // 
            
            
            
            NVD: CVE-2020-20095

CREDITS
Sick Codes
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202203-2094

SOURCES
db:VULHUBid:VHN-173539
db:JVNDBid:JVNDB-2019-016778
db:CNNVDid:CNNVD-202203-2094
db:NVDid:CVE-2020-20095

LAST UPDATE DATE
2024-08-14T15:01:06.040000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-173539date:2022-03-30T00:00:00
db:JVNDBid:JVNDB-2019-016778date:2023-08-02T06:18:00
db:CNNVDid:CNNVD-202203-2094date:2022-03-31T00:00:00
db:NVDid:CVE-2020-20095date:2022-03-30T19:59:27.080

SOURCES RELEASE DATE
db:VULHUBid:VHN-173539date:2022-03-23T00:00:00
db:JVNDBid:JVNDB-2019-016778date:2023-08-02T00:00:00
db:CNNVDid:CNNVD-202203-2094date:2022-03-23T00:00:00
db:NVDid:CVE-2020-20095date:2022-03-23T22:15:12.763