9.3

CVE-2020-9992

EPSS 3.96%
Veröffentlicht 16.10.2020 17:15:18
Zuletzt bearbeitet 21.11.2024 05:41:39
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ XCode Version < 12.0

Apple ≫ iPadOS Version < 14.0

Apple ≫ iPhone OS Version < 14.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.96%	0.879

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://seclists.org/fulldisclosure/2020/Nov/20

Third Party Advisory

Mailing List

https://support.apple.com/HT211850

Vendor Advisory

Release Notes

https://support.apple.com/HT211848

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-9992

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9992

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9992

EUVD