CVE-2020-9901

Description

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.049

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities are fixed in MacOS Catalina 10.15.6	Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.6 Combo Update	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-602673	MacOS Catalina 10.15.7 - Auto Reboot
PATCH-602674	macOS Catalina 10.15.7 Combo Update - Auto Reboot

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234