Details of VAR-202104-0170

ID

VAR-202104-0170

CVE

CVE-2020-27922

TITLE

plural Apple Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-017279

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. There is a security vulnerability in Apple macOS. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by a logic issue in the CoreText component

Trust: 1.8

sources: NVD: CVE-2020-27922 // JVNDB: JVNDB-2020-017279 // VULHUB: VHN-372033 // VULMON: CVE-2020-27922

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	11.0.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	11.1.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.2	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017279 // NVD: CVE-2020-27922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-27922
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-27922
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202012-1084
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372033
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-27922
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-27922
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-372033
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-27922
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-27922
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372033 // VULMON: CVE-2020-27922 // JVNDB: JVNDB-2020-017279 // CNNVD: CNNVD-202012-1084 // NVD: CVE-2020-27922

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-017279 // NVD: CVE-2020-27922

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1084

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1084

PATCH

title:	HT211931 Apple Security update	url:	https://support.apple.com/en-us/HT211928	Trust: 0.8
title:	Apple macOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137037	Trust: 0.6
title:	Apple: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=60a51a6d3f600c46241622f208f75bff	Trust: 0.1

sources: VULMON: CVE-2020-27922 // JVNDB: JVNDB-2020-017279 // CNNVD: CNNVD-202012-1084

EXTERNAL IDS

db:	NVD	id:	CVE-2020-27922	Trust: 3.4
db:	JVN	id:	JVNVU99462952	Trust: 0.8
db:	JVN	id:	JVNVU95288122	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-017279	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4060.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1084	Trust: 0.6
db:	VULHUB	id:	VHN-372033	Trust: 0.1
db:	VULMON	id:	CVE-2020-27922	Trust: 0.1

sources: VULHUB: VHN-372033 // VULMON: CVE-2020-27922 // JVNDB: JVNDB-2020-017279 // CNNVD: CNNVD-202012-1084 // NVD: CVE-2020-27922

REFERENCES

url:	https://support.apple.com/en-us/ht211928	Trust: 1.8
url:	https://support.apple.com/en-us/ht211929	Trust: 1.8
url:	https://support.apple.com/en-us/ht211930	Trust: 1.8
url:	https://support.apple.com/en-us/ht211931	Trust: 1.8
url:	https://support.apple.com/en-us/ht212011	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27922	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99462952/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu95288122/	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34108	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4060.2/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/193094	Trust: 0.1

sources: VULHUB: VHN-372033 // VULMON: CVE-2020-27922 // JVNDB: JVNDB-2020-017279 // CNNVD: CNNVD-202012-1084 // NVD: CVE-2020-27922

SOURCES

db:	VULHUB	id:	VHN-372033
db:	VULMON	id:	CVE-2020-27922
db:	JVNDB	id:	JVNDB-2020-017279
db:	CNNVD	id:	CNNVD-202012-1084
db:	NVD	id:	CVE-2020-27922

LAST UPDATE DATE

2024-08-14T12:34:01.331000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372033	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2020-27922	date:	2021-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-017279	date:	2022-08-29T02:02:00
db:	CNNVD	id:	CNNVD-202012-1084	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-27922	date:	2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372033	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2020-27922	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-017279	date:	2022-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202012-1084	date:	2020-12-15T00:00:00
db:	NVD	id:	CVE-2020-27922	date:	2021-04-02T18:15:15.763