FKIE_CVE-2020-9806

Vulnerability from fkie_nvd - Published: 2020-06-09 17:15 - Updated: 2024-11-21 05:41
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
References
product-security@apple.comhttps://support.apple.com/HT211168Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211171Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211175Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211177Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211178Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211179Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/HT211181Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211168Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211171Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211175Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211177Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211178Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211179Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT211181Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
apple icloud *
apple icloud *
apple itunes *
apple safari *
apple ipados *
apple iphone_os *
apple tvos *
apple watchos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "E6EB4486-52E3-43AA-AE88-77F0C0E8906F",
              "versionEndExcluding": "7.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6F18FA66-C407-4271-B811-3C62C9E096B2",
              "versionEndExcluding": "11.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "94684731-68A9-4FAD-86BF-C1150A306684",
              "versionEndExcluding": "12.10.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "153930A6-12C9-4B51-9835-A8C7AB7B4619",
              "versionEndExcluding": "13.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9145C3CB-429B-4FB8-A0AC-B543E9FFF938",
              "versionEndExcluding": "13.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C09256B-04A9-4D08-A791-8022B5AC5B14",
              "versionEndExcluding": "13.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87753A67-6F9D-4264-BCEB-0694281F0477",
              "versionEndExcluding": "13.4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85301873-69B8-4A21-9EFD-F69A5E1ABF40",
              "versionEndExcluding": "6.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema es corregido en iOS versi\u00f3n 13.5 y iPadOS versi\u00f3n 13.5, tvOS versi\u00f3n 13.4.5, watchOS versi\u00f3n 6.2.5, Safari versi\u00f3n 13.1.1, iTunes versi\u00f3n 12.10.7 para Windows, iCloud para Windows versi\u00f3n 11.2, iCloud para Windows versi\u00f3n 7.19. El procesamiento de un contenido web dise\u00f1ado con fines maliciosos puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"
    }
  ],
  "id": "CVE-2020-9806",
  "lastModified": "2024-11-21T05:41:19.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T17:15:12.457",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211168"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211171"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211175"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211177"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211178"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211179"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211181"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.