CVE-2020-9992

{"id": "CVE-2020-9992", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-10-16T17:15:18.433", "references": [{"url": "http://seclists.org/fulldisclosure/2020/Nov/20", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT211848", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/HT211850", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network."}, {"lang": "es", "value": "Este problema es corregido cifrando las comunicaciones a trav\u00e9s de la red para los dispositivos que ejecutan iOS versi\u00f3n 14, iPadOS versi\u00f3n 14, tvOS versi\u00f3n 14 y watchOS versi\u00f3n 7. Este problema es corregido en iOS versi\u00f3n 14.0 e iPadOS versi\u00f3n 14.0, Xcode versi\u00f3n 12.0. Un atacante en una posici\u00f3n de red privilegiada puede ser capaz de ejecutar c\u00f3digo arbitrario en un dispositivo emparejado durante una sesi\u00f3n de depuraci\u00f3n a trav\u00e9s de la red"}], "lastModified": "2023-01-09T16:41:59.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "436EEDF1-BC5C-4B1F-BC17-F3A856AB2B61", "versionEndExcluding": "12.0"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10CC9ED4-9AE1-415A-94FF-60CB209506CA", "versionEndExcluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF", "versionEndExcluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}