← Back to CVEs
CVE-2020-9934
MEDIUMCISA KEV5.5
Description
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published10/16/2020
Last Modified10/23/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorApple
ProductiOS, iPadOS, and macOS
Vulnerability NameApple iOS, iPadOS, and macOS Input Validation Vulnerability
KEV Date Added2022-09-08
Remediation Due Date2022-09-29
Ransomware UseUnknown
Affected Products
apple:ipadosapple:iphone_osapple:mac_os_x
References
https://support.apple.com/HT211288(product-security@apple.com)
https://support.apple.com/HT211289(product-security@apple.com)
https://support.apple.com/HT211288(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT211289(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.