fkie_cve-2020-10003
Vulnerability from fkie_nvd
Published
2020-12-08 20:15
Modified
2024-11-21 04:54
Severity ?
Summary
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges.
References
URL | Tags | ||
---|---|---|---|
product-security@apple.com | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211928 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211929 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211930 | Vendor Advisory | |
product-security@apple.com | https://support.apple.com/en-us/HT211931 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT211928 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT211929 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT211930 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT211931 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC", "versionEndExcluding": "14.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "468039C1-6A38-44D0-A0A1-294966117744", "versionEndExcluding": "14.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CD08100-FC49-42F0-A226-0E5B523EC027", "versionEndExcluding": "11.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "25DF8721-B1E2-45AF-87FD-14AB02B5506A", "versionEndExcluding": "14.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "845B0F8C-2958-4BD2-9141-DCF894AFB953", "versionEndExcluding": "7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges." }, { "lang": "es", "value": "Se present\u00f3 un problema dentro de la l\u00f3gica de comprobaci\u00f3n de ruta para enlaces simb\u00f3licos.\u0026#xa0;Este problema se abord\u00f3 con un saneamiento de rutas mejorado.\u0026#xa0;Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, tvOS versi\u00f3n 14.2, watchOS versi\u00f3n 7.1.\u0026#xa0;Un atacante local puede ser capaz de elevar sus privilegios" } ], "id": "CVE-2020-10003", "lastModified": "2024-11-21T04:54:37.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-08T20:15:13.073", "references": [ { "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Dec/32" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211928" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211929" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211930" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2020/Dec/32" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/en-us/HT211931" } ], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…