CVE-2020-9868

A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.apple.com/kb/HT211288	Vendor Advisory
https://support.apple.com/kb/HT211289	Vendor Advisory
https://support.apple.com/kb/HT211290	Vendor Advisory
https://support.apple.com/kb/HT211291	Vendor Advisory
https://support.apple.com/kb/HT211288	Vendor Advisory
https://support.apple.com/kb/HT211289	Vendor Advisory
https://support.apple.com/kb/HT211290	Vendor Advisory
https://support.apple.com/kb/HT211291	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

21 Nov 2024, 05:41

Type	Values Removed	Values Added
References	~~() https://support.apple.com/kb/HT211288 - Vendor Advisory~~	() https://support.apple.com/kb/HT211288 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT211289 - Vendor Advisory~~	() https://support.apple.com/kb/HT211289 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT211290 - Vendor Advisory~~	() https://support.apple.com/kb/HT211290 - Vendor Advisory
References	~~() https://support.apple.com/kb/HT211291 - Vendor Advisory~~	() https://support.apple.com/kb/HT211291 - Vendor Advisory

Information

Published : 2020-10-22 18:15

Updated : 2024-11-21 05:41

NVD link : CVE-2020-9868

Mitre link : CVE-2020-9868

CVE.ORG link : CVE-2020-9868

JSON object : View

Products Affected

apple

iphone_os
ipados
mac_os_x
tvos
watchos

CWE

CWE-295

Improper Certificate Validation

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-9868

9.1^/10

6.4^/10

Attach tags to `CVE-2020-9868`