fkie_cve-2020-9849
Vulnerability from fkie_nvd
Published
2020-12-08 20:15
Modified
2024-11-21 05:41
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
product-security@apple.comhttps://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
product-security@apple.comhttps://support.apple.com/en-us/HT211843Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT211844Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT211850Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT211931Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT211935Release Notes, Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT211952Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211843Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211844Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211850Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211931Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211935Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT211952Release Notes, Vendor Advisory
Impacted products
Vendor Product Version
apple icloud *
apple itunes *
apple ipados *
apple macos *
apple tvos *
apple watchos *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709",
              "versionEndExcluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "599D94C6-FD19-4848-8037-D298B331DE16",
              "versionEndExcluding": "12.10.9",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240",
              "versionEndExcluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E",
              "versionEndExcluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C117BCCF-7789-40BB-AD25-1E712F6DCF7C",
              "versionEndExcluding": "7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de divulgaci\u00f3n de informaci\u00f3n con una administraci\u00f3n de estado mejorada. Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.0, iOS versi\u00f3n 14.0 y iPadOS versi\u00f3n 14.0, iTunes para Windows versi\u00f3n 12.10.9, iCloud para Windows versi\u00f3n 11.5, tvOS versi\u00f3n 14.0. Un atacante remoto puede ser capaz de filtrar la memoria"
    }
  ],
  "id": "CVE-2020-9849",
  "lastModified": "2024-11-21T05:41:24.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-08T20:15:16.027",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211843"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211844"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211850"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211935"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211952"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.