Sign-up

ID

VAR-202104-0874


CVE

CVE-2020-9971


TITLE

plural  Apple  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-017299

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. An input validation error vulnerability exists in Apple macOs. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2020-9971 // JVNDB: JVNDB-2020-017299 // VULHUB: VHN-188096 // VULMON: CVE-2020-9971

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-017299 // NVD: CVE-2020-9971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9971
value: HIGH

Trust: 1.0

NVD: CVE-2020-9971
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-1060
value: HIGH

Trust: 0.6

VULHUB: VHN-188096
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9971
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9971
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188096
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9971
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9971
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188096 // VULMON: CVE-2020-9971 // JVNDB: JVNDB-2020-017299 // CNNVD: CNNVD-202012-1060 // NVD: CVE-2020-9971

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-017299 // NVD: CVE-2020-9971

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1060

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1060

PATCH

title:HT211850 Apple  Security updateurl:https://support.apple.com/en-us/HT211843

Trust: 0.8

title:Apple macOs Repair measures for input verification errorsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137015

Trust: 0.6

title:macOS-iOS-system-securityurl:https://github.com/houjingyi233/macOS-iOS-system-security

Trust: 0.1

sources: VULMON: CVE-2020-9971 // JVNDB: JVNDB-2020-017299 // CNNVD: CNNVD-202012-1060

EXTERNAL IDS

db:NVDid:CVE-2020-9971

Trust: 3.4

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNid:JVNVU92546061

Trust: 0.8

db:JVNDBid:JVNDB-2020-017299

Trust: 0.8

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:CNNVDid:CNNVD-202012-1060

Trust: 0.6

db:VULHUBid:VHN-188096

Trust: 0.1

db:VULMONid:CVE-2020-9971

Trust: 0.1

sources: VULHUB: VHN-188096 // VULMON: CVE-2020-9971 // JVNDB: JVNDB-2020-017299 // CNNVD: CNNVD-202012-1060 // NVD: CVE-2020-9971

REFERENCES

url:https://support.apple.com/en-us/ht211843

Trust: 1.8

url:https://support.apple.com/en-us/ht211844

Trust: 1.8

url:https://support.apple.com/en-us/ht211850

Trust: 1.8

url:https://support.apple.com/en-us/ht211931

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9971

Trust: 1.4

url:https://jvn.jp/vu/jvnvu99462952/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92546061/

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/houjingyi233/macos-ios-system-security

Trust: 0.1

sources: VULHUB: VHN-188096 // VULMON: CVE-2020-9971 // JVNDB: JVNDB-2020-017299 // CNNVD: CNNVD-202012-1060 // NVD: CVE-2020-9971

SOURCES

db:VULHUBid:VHN-188096
db:VULMONid:CVE-2020-9971
db:JVNDBid:JVNDB-2020-017299
db:CNNVDid:CNNVD-202012-1060
db:NVDid:CVE-2020-9971

LAST UPDATE DATE

2024-08-14T12:33:53.497000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188096date:2021-04-08T00:00:00
db:VULMONid:CVE-2020-9971date:2021-04-08T00:00:00
db:JVNDBid:JVNDB-2020-017299date:2022-09-07T04:56:00
db:CNNVDid:CNNVD-202012-1060date:2021-04-09T00:00:00
db:NVDid:CVE-2020-9971date:2021-04-08T12:22:57.187

SOURCES RELEASE DATE

db:VULHUBid:VHN-188096date:2021-04-02T00:00:00
db:VULMONid:CVE-2020-9971date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2020-017299date:2022-09-07T00:00:00
db:CNNVDid:CNNVD-202012-1060date:2020-12-15T00:00:00
db:NVDid:CVE-2020-9971date:2021-04-02T18:15:18.700