Vulnerability Name:

CVE-2020-10001 (CCN-199353)

Assigned:2020-12-14
Published:2020-12-14
Updated:2021-11-30
Summary:An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-20
CWE-120
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-10001

Source: XF
Type: UNKNOWN
apple-macos-cve202010001-info-disc(199353)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20211030 [SECURITY] [DLA 2800-1] cups security update

Source: CCN
Type: Apple security document HT212011
About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212011

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 11.1.0)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:apple:macos_mojave:10.14.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:macos_catalina:10.15.7:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8002
    P
    		cups-ddk-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7474
    P
    		cups-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7926
    P
    		libcups2-32bit-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:95370
    P
    		Security update for apache2 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3476
    P
    		dpdk-18.11.2-1.59 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3377
    P
    		sysstat-12.0.2-10.24.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95007
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94588
    P
    		jq-1.6-3.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94913
    P
    		gvfs-1.48.1-150400.2.17 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2900
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94530
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:36
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:101626
    P
    		Security update for libxml2 (Important) (in QA)
    2022-04-29
    oval:org.opensuse.security:def:102083
    P
    		Security update for protobuf (Moderate)
    2022-03-30
    oval:org.opensuse.security:def:965
    P
    		Security update for libcaca (Important)
    2022-03-09
    oval:org.opensuse.security:def:112129
    P
    		cups-2.3.3op2-4.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105665
    P
    		Security update for samba (Important)
    2021-11-16
    oval:com.redhat.rhsa:def:20214393
    P
    		RHSA-2021:4393: cups security and bug fix update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:4504
    P
    		Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important)
    2021-10-14
    oval:org.opensuse.security:def:1913
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:71795
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101301
    P
    		rpm-build-4.14.1-29.46 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72721
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100812
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62054
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101260
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63002
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:5822
    P
    		Security update for mariadb (Important)
    2021-08-06
    oval:org.opensuse.security:def:111208
    P
    		Security update for cups (Moderate)
    2021-02-05
    oval:org.opensuse.security:def:74661
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93421
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:108749
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:100323
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:97169
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:58812
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:94184
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:32989
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:64565
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:75979
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:5098
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93577
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:38778
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:100652
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:60343
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:94395
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:34520
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:107967
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:65593
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:43208
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:117481
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93758
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:40079
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:73687
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:108292
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:66911
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:44509
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:117806
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93972
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:26111
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:87453
    P
    		Security update for cups (Moderate)
    2021-02-02
    BACK
    apple mac os x *
    debian debian linux 9.0
    apple macos mojave 10.14.6
    apple macos big sur 11.0.0
    apple macos catalina 10.15.7
    ibm cloud pak for security 1.7.2.0