CVE-2020-9817 | ByteOS Network

Vulnerability Details :

CVE-2020-9817

Assigner-apple

Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c

Published At-09 Jun, 2020 | 16:11

Updated At-04 Aug, 2024 | 10:43

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:apple

Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c

Published At:09 Jun, 2020 | 16:11

Updated At:04 Aug, 2024 | 10:43

▼CVE Numbering Authority (CNA)

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

Affected Products

Vendor

Product

Versions

Affected

From unspecified before macOS Catalina 10.15.5 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	A malicious application may be able to gain root privileges

Type: text

CWE ID: N/A

Description: A malicious application may be able to gain root privileges

References

Hyperlink	Resource
https://support.apple.com/HT211170	x_refsource_MISC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT	vendor-advisory x_refsource_CISCO

Hyperlink: https://support.apple.com/HT211170

Resource:

x_refsource_MISC

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Resource:

vendor-advisory

x_refsource_CISCO

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://support.apple.com/HT211170	x_refsource_MISC x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT	vendor-advisory x_refsource_CISCO x_transferred

Hyperlink: https://support.apple.com/HT211170

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Resource:

vendor-advisory

x_refsource_CISCO

x_transferred

▼National Vulnerability Database (NVD)

Source:product-security@apple.com

Published At:09 Jun, 2020 | 17:15

Updated At:02 Jun, 2022 | 19:53

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

>>mac_os_x>>Versions from 10.13(inclusive) to 10.13.6(exclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

>>mac_os_x>>Versions from 10.14(inclusive) to 10.14.6(exclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

>>mac_os_x>>Versions from 10.15(inclusive) to 10.15.5(exclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*

>>mac_os_x>>10.13.6

cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*

>>mac_os_x>>10.14.6

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-276	Primary	nvd@nist.gov

CWE ID: CWE-276

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://support.apple.com/HT211170	product-security@apple.com	Release Notes Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT	product-security@apple.com	Third Party Advisory

Hyperlink: https://support.apple.com/HT211170

Source: product-security@apple.com

Resource:

Release Notes

Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Source: product-security@apple.com

Resource:

Third Party Advisory