ID

VAR-202012-1505


CVE

CVE-2020-9988


TITLE

plural  Apple  Vulnerability in product to discover deleted messages

Trust: 0.8

sources: JVNDB: JVNDB-2020-014231

DESCRIPTION

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Trust: 1.71

sources: NVD: CVE-2020-9988 // JVNDB: JVNDB-2020-014231 // VULHUB: VHN-188113

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope:eqversion:14.0

Trust: 0.8

vendor:アップルmodel:ipadosscope:ltversion:(ipad air 2 or later )

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope:ltversion:(ipad mini 4 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2020-014231 // NVD: CVE-2020-9988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9988
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9988
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1347
value: MEDIUM

Trust: 0.6

VULHUB: VHN-188113
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-9988
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-188113
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9988
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9988
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188113 // JVNDB: JVNDB-2020-014231 // CNNVD: CNNVD-202011-1347 // NVD: CVE-2020-9988

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014231 // NVD: CVE-2020-9988

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1347

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1347

PATCH

title:HT211850 Apple  Security updateurl:https://support.apple.com/en-us/HT211850

Trust: 0.8

title:Apple Messages Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134642

Trust: 0.6

sources: JVNDB: JVNDB-2020-014231 // CNNVD: CNNVD-202011-1347

EXTERNAL IDS

db:NVDid:CVE-2020-9988

Trust: 2.5

db:JVNid:JVNVU92546061

Trust: 0.8

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNDBid:JVNDB-2020-014231

Trust: 0.8

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3181.2

Trust: 0.6

db:CNNVDid:CNNVD-202011-1347

Trust: 0.6

db:VULHUBid:VHN-188113

Trust: 0.1

sources: VULHUB: VHN-188113 // JVNDB: JVNDB-2020-014231 // CNNVD: CNNVD-202011-1347 // NVD: CVE-2020-9988

REFERENCES

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url:https://support.apple.com/en-us/ht211850

Trust: 1.7

url:https://support.apple.com/en-us/ht211931

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9988

Trust: 1.4

url:http://jvn.jp/vu/jvnvu92546061/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99462952/index.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

sources: VULHUB: VHN-188113 // JVNDB: JVNDB-2020-014231 // CNNVD: CNNVD-202011-1347 // NVD: CVE-2020-9988

SOURCES

db:VULHUBid:VHN-188113
db:JVNDBid:JVNDB-2020-014231
db:CNNVDid:CNNVD-202011-1347
db:NVDid:CVE-2020-9988

LAST UPDATE DATE

2024-08-14T12:07:14.149000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188113date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-014231date:2021-08-12T05:23:00
db:CNNVDid:CNNVD-202011-1347date:2020-12-24T00:00:00
db:NVDid:CVE-2020-9988date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-188113date:2020-12-08T00:00:00
db:JVNDBid:JVNDB-2020-014231date:2021-08-12T00:00:00
db:CNNVDid:CNNVD-202011-1347date:2020-11-13T00:00:00
db:NVDid:CVE-2020-9988date:2020-12-08T20:15:17.997