Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-9992
HistoryOct 16, 2020 - 5:15 p.m.

CVE-2020-9992

2020-10-1617:15:00
NVD-CWE-noinfo
[email protected]
web.nvd.nist.gov
52
2
cve-2020-9992
ios 14
ipados 14
tvos 14
watchos 7
network security
encrypted communication

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

43.3%

JSON

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
applexcode*cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Social References

More

Related

apple 4
prion 1
githubexploit 1
threatpost 1
apple
apple
About the security content of Xcode 12.0 - Apple Support
2020-11-12 10:19:34
About the security content of Xcode 12.0
2020-09-16 00:00:00
About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support
2020-12-15 05:43:15
prion
prion
Design/Logic Flaw
2020-10-16 17:15:00
githubexploit
githubexploit
Exploit for Vulnerability in Apple Ipad Os
2020-09-16 23:35:22
threatpost
threatpost
Apple Bug Allows Code Execution on iPhone, iPad, iPod
2020-09-17 20:23:17

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

43.3%

JSON
Related for CVE-2020-9992
apple4prion1githubexploit1threatpost1