CVE-2020-9914 — Improper Input Validation in Apple Tvos

CWE-20 — Improper Input Validation5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Tvos Apple Ipados +1 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5apple/tvosunspecified — tvOS 13.4.8

▶NVDapple/tvos< 13.4.8

▶NVDapple/ipados< 13.6

▶CVEListV5apple/iosunspecified — iOS 13.6 and iPadOS 13.6

▶NVDapple/iphone_os< 13.6

🔴Vulnerability Details

GHSA

GHSA-hg47-5j2j-pgvc: An input validation issue existed in Bluetooth↗2022-05-24

▶

CVEList

CVE-2020-9914: An input validation issue existed in Bluetooth↗2020-10-16

▶

📋Vendor Advisories

Apple

CVE-2020-9914: iOS 13.6 and iPadOS 13.6↗2020-07-15

▶

Apple

CVE-2020-9914: tvOS 13.4.8↗2020-07-15

▶