Lucene search

[email protected]CVE-2020-9978

HistoryApr 02, 2021 - 6:15 p.m.

CVE-2020-9978

2021-04-0218:15:18

[email protected]

web.nvd.nist.gov

cve-2020-9978

security fix

macos big sur

tvos 14.0

watchos 7.0

ios 14.0

ipados 14.0

network security

application state

4.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

Low

2.7 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.5%

JSON

This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.

Affected configurations

Vulners

NVD

Node

appletvosRange<14.0

applewatchosRange<7.0

appleiphone_osRange<14.0

appleipad_osRange<14.0

applemacosRange<11.0

applemacosRange<11.1

VendorProductVersionCPE
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
applemacos*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::
apple	macos	*	cpe:2.3:o:apple:macos::::::::

CNA Affected

[
  {
    "product": "tvOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "14.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "watchOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iOS and iPadOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "14.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "11.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "macOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT211843

support.apple.com/en-us/HT211844

support.apple.com/en-us/HT211850

support.apple.com/en-us/HT211931

support.apple.com/en-us/HT212011

Social References

4.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

4.8 Medium

AI Score

Confidence

Low

2.7 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.5%

JSON

Related for CVE-2020-9978

prion1 nvd1 cvelist1 apple7 nessus1 openvas1