Sign-up

ID

VAR-202203-0033


CVE

CVE-2022-22660


TITLE

macOS  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008340

DESCRIPTION

This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. macOS There is an input validation vulnerability in.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-22660 // JVNDB: JVNDB-2022-008340 // VULHUB: VHN-411288 // VULMON: CVE-2022-22660

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.3

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008340 // NVD: CVE-2022-22660

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22660
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22660
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-1243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-411288
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22660
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22660
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-411288
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22660
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22660
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-411288 // VULMON: CVE-2022-22660 // JVNDB: JVNDB-2022-008340 // CNNVD: CNNVD-202203-1243 // NVD: CVE-2022-22660

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-411288 // JVNDB: JVNDB-2022-008340 // NVD: CVE-2022-22660

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1243

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1243

PATCH

title:HT213183url:https://support.apple.com/en-us/HT213183

Trust: 0.8

title:Apple macOS Monterey Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186764

Trust: 0.6

title:Apple: macOS Monterey 12.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=f1105c4a20da11497b610b14a1668180

Trust: 0.1

title:CVE-2022-22660: CoreFollowUp phishing attack on macOSurl:https://github.com/insidegui/CoreFollowUpAttack

Trust: 0.1

title:https://github.com/houjingyi233/macOS-iOS-system-securityurl:https://github.com/houjingyi233/macOS-iOS-system-security

Trust: 0.1

title:https://github.com/houjingyi233/macos-ios-exploit-writeupurl:https://github.com/houjingyi233/macos-ios-exploit-writeup

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22660 // JVNDB: JVNDB-2022-008340 // CNNVD: CNNVD-202203-1243

EXTERNAL IDS

db:NVDid:CVE-2022-22660

Trust: 3.4

db:JVNDBid:JVNDB-2022-008340

Trust: 0.8

db:CS-HELPid:SB2022031433

Trust: 0.6

db:CNNVDid:CNNVD-202203-1243

Trust: 0.6

db:VULHUBid:VHN-411288

Trust: 0.1

db:VULMONid:CVE-2022-22660

Trust: 0.1

sources: VULHUB: VHN-411288 // VULMON: CVE-2022-22660 // JVNDB: JVNDB-2022-008340 // CNNVD: CNNVD-202203-1243 // NVD: CVE-2022-22660

REFERENCES

url:https://support.apple.com/en-us/ht213183

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22660

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22660/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031433

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/insidegui/corefollowupattack

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht213183

Trust: 0.1

sources: VULHUB: VHN-411288 // VULMON: CVE-2022-22660 // JVNDB: JVNDB-2022-008340 // CNNVD: CNNVD-202203-1243 // NVD: CVE-2022-22660

SOURCES

db:VULHUBid:VHN-411288
db:VULMONid:CVE-2022-22660
db:JVNDBid:JVNDB-2022-008340
db:CNNVDid:CNNVD-202203-1243
db:NVDid:CVE-2022-22660

LAST UPDATE DATE

2024-08-14T12:12:52.202000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411288date:2022-03-24T00:00:00
db:VULMONid:CVE-2022-22660date:2023-08-08T00:00:00
db:JVNDBid:JVNDB-2022-008340date:2023-07-26T06:36:00
db:CNNVDid:CNNVD-202203-1243date:2022-03-25T00:00:00
db:NVDid:CVE-2022-22660date:2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:VULHUBid:VHN-411288date:2022-03-18T00:00:00
db:VULMONid:CVE-2022-22660date:2022-03-18T00:00:00
db:JVNDBid:JVNDB-2022-008340date:2023-07-26T00:00:00
db:CNNVDid:CNNVD-202203-1243date:2022-03-14T00:00:00
db:NVDid:CVE-2022-22660date:2022-03-18T18:15:14.997