CVE-2020-3838

Опубликовано: 27 фев. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.

Ссылки

http://seclists.org/fulldisclosure/2021/Apr/51
Third Party Advisory
https://support.apple.com/HT210918
Release Notes
Vendor Advisory
https://support.apple.com/HT210919
Release Notes
Vendor Advisory
https://support.apple.com/HT210920
Release Notes
Vendor Advisory
https://support.apple.com/HT210921
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT212326
Vendor Advisory
https://support.apple.com/kb/HT212327
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Apr/51
Third Party Advisory
https://support.apple.com/HT210918
Release Notes
Vendor Advisory
https://support.apple.com/HT210919
Release Notes
Vendor Advisory
https://support.apple.com/HT210920
Release Notes
Vendor Advisory
https://support.apple.com/HT210921
Release Notes
Vendor Advisory
https://support.apple.com/kb/HT212326
Vendor Advisory
https://support.apple.com/kb/HT212327
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Версия до 13.3.1 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 13.3.1 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.14.6 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.15 (включая) до 10.15.3 (исключая)

cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 13.3.1 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 6.1.2 (исключая)

EPSS

Процентиль: 60%

0.00399

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-xmp4-jqff-7hx8

github

больше 3 лет назад

EPSS

Процентиль: 60%

0.00399

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-276