CVE-2020-9992
Last modified
CVE-2020-9992 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. EPSS estimates a 2.99% chance of exploitation in the next 30 days.
Description
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Xcode | < 12.0 |
| Apple | Ipados | < 14.0 |
| Apple | Iphone Os | < 14.0 |
References
- http://seclists.org/fulldisclosure/2020/Nov/20Mailing List, Third Party Advisory
- https://support.apple.com/HT211848Release Notes, Vendor Advisory
- https://support.apple.com/HT211850Release Notes, Vendor Advisory
- http://seclists.org/fulldisclosure/2020/Nov/20Mailing List, Third Party Advisory
- https://support.apple.com/HT211848Release Notes, Vendor Advisory
- https://support.apple.com/HT211850Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9992?
How severe is CVE-2020-9992?
How do I fix CVE-2020-9992?
Are you affected by CVE-2020-9992?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST