Vulnerability Details : CVE-2020-20095
iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Products affected by CVE-2020-20095
- cpe:2.3:a:apple:imessage:*:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-20095
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-20095
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-20095
-
http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html
RTLO Injection URI Spoofing ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/zadewg/RIUS
GitHub - zadewg/RIUS: RTLO Injection URI SpoofingExploit;Third Party Advisory
Jump to