VAR-202012-1511
Vulnerability from variot - Updated: 2023-12-18 11:35An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. macOS and Safari Exists in a user interface mismatch vulnerability due to poor state management.malicious Web The address bar can be spoofed through access to the site. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.1.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac mini 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook air 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac pro all models )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(imac 2014 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook pro late 2013 or later )"
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(mac pro 2013 or later )"
},
{
"model": "apple mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(macbook 2015 or later )"
},
{
"model": "apple mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"cve": "CVE-2020-9942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9942",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-188067",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9942",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9942",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1349",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-188067",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9942",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. macOS and Safari Exists in a user interface mismatch vulnerability due to poor state management.malicious Web The address bar can be spoofed through access to the site. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9942",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU99462952",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94090210",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-188067",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9942",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"id": "VAR-202012-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:35:43.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211292 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211292"
},
{
"title": "Apple Safari Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134644"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.0
},
{
"problemtype": "Inappropriate restrictions on rendered user interface layers or frames (CWE-1021) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211292"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211931"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9942"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94090210/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99462952/index.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1021.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-188067"
},
{
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-188067"
},
{
"date": "2020-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"date": "2021-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"date": "2020-12-08T20:15:16.230000",
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"date": "2020-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-188067"
},
{
"date": "2020-12-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9942"
},
{
"date": "2021-08-11T03:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-014204"
},
{
"date": "2022-06-02T19:36:21.883000",
"db": "NVD",
"id": "CVE-2020-9942"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 and \u00a0Safari\u00a0 User Interface Mismatch Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1349"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…