CVE-2020-20095

CVE Database · CVE-2020-20095

CVE-2020-20095

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.30%

Published

Mar 23, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products (1)

apple · imessagevulnerable

References (4)

http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html

ExploitThird Party AdvisoryVDB Entry

https://github.com/zadewg/RIUS

ExploitThird Party Advisory

http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html

ExploitThird Party AdvisoryVDB Entry

https://github.com/zadewg/RIUS

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs