CVE-2020-3917

EUVD-2020-25182
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
appleipados
𝑥
< 13.4
appleiphone_os
𝑥
< 13.4
appletvos
𝑥
< 13.4
applewatchos
𝑥
< 6.2
𝑥
= Vulnerable software versions
References
https://support.apple.com/HT211101
https://support.apple.com/HT211102
https://support.apple.com/HT211103
https://support.apple.com/HT211101
https://support.apple.com/HT211102
https://support.apple.com/HT211103