CVE-2020-9868
Last modified
CVE-2020-9868 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. EPSS estimates a 1.03% chance of exploitation in the next 30 days.
Description
A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 13.6 |
| Apple | Iphone Os | < 13.6 |
| Apple | Mac Os X | < 10.15.6 |
| Apple | Tvos | < 13.4.8 |
| Apple | Watchos | < 6.2.8 |
References
- https://support.apple.com/kb/HT211288Vendor Advisory
- https://support.apple.com/kb/HT211289Vendor Advisory
- https://support.apple.com/kb/HT211290Vendor Advisory
- https://support.apple.com/kb/HT211291Vendor Advisory
- https://support.apple.com/kb/HT211288Vendor Advisory
- https://support.apple.com/kb/HT211289Vendor Advisory
- https://support.apple.com/kb/HT211290Vendor Advisory
- https://support.apple.com/kb/HT211291Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9868?
How severe is CVE-2020-9868?
How do I fix CVE-2020-9868?
Are you affected by CVE-2020-9868?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST