CVE-2020-3891Missing Authorization in Apple Watchos

CWE-862Missing Authorization3 documents3 sources
Severity
2.4LOWNVD
EPSS
0.0%
top 86.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple IOSApple WatchosApple Ipad OS+1 more
Timeline
PublishedApr 1
Latest updateMay 24

Description

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages5 packages

CVEListV5apple/watchosunspecifiedwatchOS 6.2
NVDapple/ipad_os< 13.4
NVDapple/watchos< 6.2
CVEListV5apple/iosunspecifiediOS 13.4 and iPadOS 13.4
NVDapple/iphone_os< 13.4

🔴Vulnerability Details

2
GHSA
GHSA-c887-fjhv-3qfj: A logic issue was addressed with improved state management2022-05-24
CVEList
CVE-2020-3891: A logic issue was addressed with improved state management2020-04-01
CVE-2020-3891 — Missing Authorization in Apple Watchos | cvebase