Vulnerability CVE-2020-10001

Vulnerability Name:

CVE-2020-10001 (CCN-199353)

Assigned:

2020-12-14

Published:

2020-12-14

Updated:

2021-11-30

Summary:

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-20
CWE-120

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-10001

Source: XF
Type: UNKNOWN
apple-macos-cve202010001-info-disc(199353)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update

Source: CCN
Type: Apple security document HT212011
About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212011

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 11.1.0)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:macos_mojave:10.14.6:*:*:*:*:*:*:*

OR cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:*

OR cpe:/o:apple:macos_catalina:10.15.7:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8002	P	cups-ddk-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7474	P	cups-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7926	P	libcups2-32bit-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95370	P	Security update for apache2 (Important)	2022-07-06
oval:org.opensuse.security:def:3476	P	dpdk-18.11.2-1.59 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3377	P	sysstat-12.0.2-10.24.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95007	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94588	P	jq-1.6-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94913	P	gvfs-1.48.1-150400.2.17 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2900	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94530	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:36	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:101626	P	Security update for libxml2 (Important) (in QA)	2022-04-29
oval:org.opensuse.security:def:102083	P	Security update for protobuf (Moderate)	2022-03-30
oval:org.opensuse.security:def:965	P	Security update for libcaca (Important)	2022-03-09
oval:org.opensuse.security:def:112129	P	cups-2.3.3op2-4.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105665	P	Security update for samba (Important)	2021-11-16
oval:com.redhat.rhsa:def:20214393	P	RHSA-2021:4393: cups security and bug fix update (Moderate)	2021-11-09
oval:org.opensuse.security:def:4504	P	Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important)	2021-10-14
oval:org.opensuse.security:def:1913	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71795	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101301	P	rpm-build-4.14.1-29.46 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72721	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100812	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62054	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101260	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63002	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:5822	P	Security update for mariadb (Important)	2021-08-06
oval:org.opensuse.security:def:111208	P	Security update for cups (Moderate)	2021-02-05
oval:org.opensuse.security:def:74661	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:93421	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:108749	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:100323	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:97169	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:58812	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:94184	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:32989	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:64565	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:75979	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:5098	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:93577	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:38778	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:100652	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:60343	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:94395	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:34520	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:107967	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:65593	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:43208	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:117481	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:93758	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:40079	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:73687	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:108292	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:66911	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:44509	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:117806	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:93972	P	(Moderate)	2021-02-02
oval:org.opensuse.security:def:26111	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:87453	P	Security update for cups (Moderate)	2021-02-02

BACK