ID

VAR-202012-1525


CVE

CVE-2020-9977


TITLE

Validation vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2020-014228

DESCRIPTION

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Trust: 1.71

sources: NVD: CVE-2020-9977 // JVNDB: JVNDB-2020-014228 // VULHUB: VHN-188102

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 14.2

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 11.0.1

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 14.2

Trust: 1.0

vendor: Apple, model: apple mac os x, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ipados, scope: eq, version: 14.0

Trust: 0.8

vendor: Apple, model: ipados, scope: lt, version: (ipad air 2 or later)

Trust: 0.8

vendor: Apple, model: ios, scope: -, version: -

Trust: 0.8

vendor: Apple, model: ipados, scope: lt, version: (ipad mini 4 or later)

Trust: 0.8

sources: JVNDB: JVNDB-2020-014228 // NVD: CVE-2020-9977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9977
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9977
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1340
value: MEDIUM

Trust: 0.6

VULHUB: VHN-188102
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9977
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-188102
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9977
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9977
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // NVD: CVE-2020-9977

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1340

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1340

PATCH

title: HT211850 Apple Security update, url: https://support.apple.com/en-us/HT211850

Trust: 0.8

title: Apple Safari input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136410

Trust: 0.6

sources: JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340

EXTERNAL IDS

db: NVD, id: CVE-2020-9977

Trust: 2.5

db: JVN, id: JVNVU92546061

Trust: 0.8

db: JVN, id: JVNVU99462952

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014228

Trust: 0.8

db: AUSCERT, id: ESB-2020.4060.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.3181.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1340

Trust: 0.6

db: VULHUB, id: VHN-188102

Trust: 0.1

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

REFERENCES

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url:https://support.apple.com/en-us/ht211850

Trust: 1.7

url:https://support.apple.com/en-us/ht211931

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9977

Trust: 1.4

url:http://jvn.jp/vu/jvnvu92546061/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99462952/index.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

SOURCES

db: VULHUB, id: VHN-188102
db: JVNDB, id: JVNDB-2020-014228
db: CNNVD, id: CNNVD-202011-1340
db: NVD, id: CVE-2020-9977

LAST UPDATE DATE

2024-08-14T13:04:26.631000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-188102, date: 2023-01-09T00:00:00
db: JVNDB, id: JVNDB-2020-014228, date: 2021-08-12T05:22:00
db: CNNVD, id: CNNVD-202011-1340, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-9977, date: 2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db: VULHUB, id: VHN-188102, date: 2020-12-08T00:00:00
db: JVNDB, id: JVNDB-2020-014228, date: 2021-08-12T00:00:00
db: CNNVD, id: CNNVD-202011-1340, date: 2020-11-13T00:00:00
db: NVD, id: CVE-2020-9977, date: 2020-12-08T20:15:17.730