CVE-2020-9817 - Vulnerability Details

Vendors	Products
Apple	Mac Os X

Link	Providers
https://support.apple.com/HT211170
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "macOS Catalina 10.15.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges."}], "problemTypes": [{"descriptions": [{"description": "A malicious application may be able to gain root privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-05T17:06:29", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/HT211170"}, {"name": "20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-9817", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "macOS Catalina 10.15.5"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A malicious application may be able to gain root privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/HT211170", "refsource": "MISC", "url": "https://support.apple.com/HT211170"}, {"name": "20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:43:05.324Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/HT211170"}, {"name": "20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-9817", "datePublished": "2020-06-09T16:11:30", "dateReserved": "2020-03-02T00:00:00", "dateUpdated": "2024-08-04T10:43:05.324Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : macOS Catalina 10.15.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : A malicious application may be able to gain root privileges (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-05-05T17:06:29 (string)

orgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

shortName : apple (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/HT211170 (string)

}

1 : { »

name : 20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : product-security@apple.com (string)

ID : CVE-2020-9817 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : macOS Catalina 10.15.5 (string)

}

]

}

]

}

vendor_name : Apple (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : A malicious application may be able to gain root privileges (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.apple.com/HT211170 (string)

refsource : MISC (string)

url : https://support.apple.com/HT211170 (string)

}

1 : { »

name : 20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client (string)

refsource : CISCO (string)

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:43:05.324Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/HT211170 (string)

}

1 : { »

name : 20210505 MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

2 : x_transferred (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

assignerShortName : apple (string)

cveId : CVE-2020-9817 (string)

datePublished : 2020-06-09T16:11:30 (string)

dateReserved : 2020-03-02T00:00:00 (string)

dateUpdated : 2024-08-04T10:43:05.324Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "760AE295-2E39-4DA3-A384-01A5D4A131AD", "versionEndExcluding": "10.13.6", "versionStartIncluding": "10.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DE2B03F-94EE-4E32-B366-FE31A7031403", "versionEndExcluding": "10.14.6", "versionStartIncluding": "10.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABAA703D-5FAB-4773-B4A2-759685B17ACB", "versionEndExcluding": "10.15.5", "versionStartIncluding": "10.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "matchCriteriaId": "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "matchCriteriaId": "0D845143-1B4D-478B-B83E-8F1664CBCAC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "matchCriteriaId": "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "0DF528F7-0F1E-4E55-A088-91327E3C360C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "E222445A-D398-47C8-9639-4BAE36B69AA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "9425DAC8-038D-4B09-A074-3780AED912FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "8EA63C1C-1EEC-4961-A7B7-439D21293B99", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "B2F5D631-2306-4526-BEE5-22456D95ABAB", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges."}, {"lang": "es", "value": "Se present\u00f3 un problema de permisos. Este problema se abord\u00f3 con una comprobaci\u00f3n de permisos mejorada. Este problema es corregido en macOS Catalina versi\u00f3n 10.15.5. Una aplicaci\u00f3n maliciosa puede ser capaz de alcanzar privilegios de root"}], "id": "CVE-2020-9817", "lastModified": "2024-11-21T05:41:20.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-09T17:15:13.253", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211170"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/HT211170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 760AE295-2E39-4DA3-A384-01A5D4A131AD (string)

versionEndExcluding : 10.13.6 (string)

versionStartIncluding : 10.13 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6DE2B03F-94EE-4E32-B366-FE31A7031403 (string)

versionEndExcluding : 10.14.6 (string)

versionStartIncluding : 10.14 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ABAA703D-5FAB-4773-B4A2-759685B17ACB (string)

versionEndExcluding : 10.15.5 (string)

versionStartIncluding : 10.15 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:* (string)

matchCriteriaId : 297D2D0C-EA9D-4B2C-9357-D88DB6C7143A (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:* (string)

matchCriteriaId : 0D845143-1B4D-478B-B83E-8F1664CBCAC3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:* (string)

matchCriteriaId : 23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:* (string)

matchCriteriaId : 754A2DF4-8724-4448-A2AB-AC5442029CB7 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:* (string)

matchCriteriaId : D392C777-1949-4920-B459-D083228E4688 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:* (string)

matchCriteriaId : 68B0A232-F2A4-4B87-99EB-3A532DFA87DA (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:* (string)

matchCriteriaId : 0DF528F7-0F1E-4E55-A088-91327E3C360C (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:* (string)

matchCriteriaId : E222445A-D398-47C8-9639-4BAE36B69AA1 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:* (string)

matchCriteriaId : 9425DAC8-038D-4B09-A074-3780AED912FA (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:* (string)

matchCriteriaId : 8EA63C1C-1EEC-4961-A7B7-439D21293B99 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:* (string)

matchCriteriaId : B2F5D631-2306-4526-BEE5-22456D95ABAB (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:* (string)

matchCriteriaId : F79B7361-F2F2-4FA6-A27D-CC8F2D37A726 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* (string)

matchCriteriaId : 693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* (string)

matchCriteriaId : CFE26ECC-A2C2-4501-9950-510DE0E1BD86 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* (string)

matchCriteriaId : 26108BEF-0847-4AB0-BD98-35344DFA7835 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* (string)

matchCriteriaId : A369D48B-6A0A-47AE-9513-D5E2E6F30931 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* (string)

matchCriteriaId : 510F8317-94DA-498E-927A-83D5F41AF54A (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* (string)

matchCriteriaId : 0D5D1970-6D2A-42CA-A203-42023D71730D (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:* (string)

matchCriteriaId : C68AE52B-5139-40A4-AE9A-E752DBF07D1B (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* (string)

matchCriteriaId : 0FD3467D-7679-479F-9C0B-A93F7CD0929D (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* (string)

matchCriteriaId : D4C6098E-EDBD-4A85-8282-B2E9D9333872 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. (string)

}

1 : { »

lang : es (string)

value : Se presentó un problema de permisos. Este problema se abordó con una comprobación de permisos mejorada. Este problema es corregido en macOS Catalina versión 10.15.5. Una aplicación maliciosa puede ser capaz de alcanzar privilegios de root (string)

}

]

id : CVE-2020-9817 (string)

lastModified : 2024-11-21T05:41:20.380 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-06-09T17:15:13.253 (string)

references : [ »

0 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://support.apple.com/HT211170 (string)

}

1 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://support.apple.com/HT211170 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-mac-priv-esc-VqST2nrT (string)

}

]

sourceIdentifier : product-security@apple.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-276 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object