Details of VAR-202012-1525

ID

VAR-202012-1525

CVE

CVE-2020-9977

TITLE

plural Apple Product validation vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-014228

DESCRIPTION

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Trust: 1.71

sources: NVD: CVE-2020-9977 // JVNDB: JVNDB-2020-014228 // VULHUB: VHN-188102

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	14.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.2	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	eq	version:	14.0	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	lt	version:	(ipad air 2 or later )	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	lt	version:	(ipad mini 4 or later )	Trust: 0.8

sources: JVNDB: JVNDB-2020-014228 // NVD: CVE-2020-9977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9977
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9977
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202011-1340
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-188102
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9977
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-188102
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9977
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9977
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // NVD: CVE-2020-9977

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1340

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1340

PATCH

title:	HT211850 Apple Security update	url:	https://support.apple.com/en-us/HT211850	Trust: 0.8
title:	Apple Safari Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136410	Trust: 0.6

sources: JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9977	Trust: 2.5
db:	JVN	id:	JVNVU92546061	Trust: 0.8
db:	JVN	id:	JVNVU99462952	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-014228	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3181.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-1340	Trust: 0.6
db:	VULHUB	id:	VHN-188102	Trust: 0.1

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

REFERENCES

url:	http://seclists.org/fulldisclosure/2020/dec/32	Trust: 1.7
url:	https://support.apple.com/en-us/ht211850	Trust: 1.7
url:	https://support.apple.com/en-us/ht211931	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9977	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu92546061/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99462952/index.html	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3181.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6

sources: VULHUB: VHN-188102 // JVNDB: JVNDB-2020-014228 // CNNVD: CNNVD-202011-1340 // NVD: CVE-2020-9977

SOURCES

db:	VULHUB	id:	VHN-188102
db:	JVNDB	id:	JVNDB-2020-014228
db:	CNNVD	id:	CNNVD-202011-1340
db:	NVD	id:	CVE-2020-9977

LAST UPDATE DATE

2024-08-14T13:04:26.631000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188102	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-014228	date:	2021-08-12T05:22:00
db:	CNNVD	id:	CNNVD-202011-1340	date:	2020-12-24T00:00:00
db:	NVD	id:	CVE-2020-9977	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188102	date:	2020-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-014228	date:	2021-08-12T00:00:00
db:	CNNVD	id:	CNNVD-202011-1340	date:	2020-11-13T00:00:00
db:	NVD	id:	CVE-2020-9977	date:	2020-12-08T20:15:17.730