cve-2019-8841
Vulnerability from cvelistv5
Published
2020-10-27 19:54
Modified
2024-08-04 21:31
Severity
Summary
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.
References
| Source | URL | Tags |
|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT210785 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| Apple | iOS and iPadOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to execute arbitrary code with kernel privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:54:56",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "13.3"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to execute arbitrary code with kernel privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210785",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8841",
"datePublished": "2020-10-27T19:54:56",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8841\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-27T20:15:21.110\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de divulgaci\u00f3n de informaci\u00f3n al eliminar el c\u00f3digo vulnerable.\u0026#xa0;Este problema se corrigi\u00f3 en iOS versi\u00f3n 13.3 y iPadOS versi\u00f3n 13.3.\u0026#xa0;Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios kernel\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"A02B4418-82F4-4A23-8F4C-3C03C5522FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"FDAD0B76-9EF7-4CCF-8CDD-6CF7355D0767\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT210785\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
}
}
Loading...