Lucene search

[email protected]CVE-2020-9862

HistoryOct 16, 2020 - 5:15 p.m.

CVE-2020-9862

2020-10-1617:15:15

CWE-116

CWE-77

[email protected]

web.nvd.nist.gov

208

cve-2020-9862

command injection

web inspector

ios

ipados

tvos

watchos

safari

itunes

icloud

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.2%

JSON

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.

Affected configurations

Vulners

NVD

Node

appleiphone_osRange<13.6

appleipad_osRange<13.6

appletvosRange<13.4.8

applewatchosRange<6.2.8

applesafariRange<13.1.2

appleitunesRange<12.10.8

appleicloudRange<11.3

appleicloudRange<7.20

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleitunes*cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
appleicloud*cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
appleicloud*cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::
apple	tvos	*	cpe:2.3:o:apple:tvos::::::::
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	itunes	*	cpe:2.3:a:apple:itunes::::::::
apple	icloud	*	cpe:2.3:a:apple:icloud::::::::
apple	icloud	*	cpe:2.3:a:apple:icloud::::::::

CNA Affected

[
  {
    "product": "iOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "iOS 13.6 and iPadOS 13.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "tvOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "tvOS 13.4.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "watchOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "watchOS 6.2.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Safari",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "Safari 13.1.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iTunes for Windows",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "iTunes 12.10.8 for Windows",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iCloud for Windows",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "iCloud for Windows 11.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iCloud for Windows (Legacy)",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "iCloud for Windows 7.20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]