Details of VAR-202203-0138

ID

VAR-202203-0138

CVE

CVE-2022-22652

TITLE

iOS and iPadOS Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008434

DESCRIPTION

The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. iOS and iPadOS Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-22652 // JVNDB: JVNDB-2022-008434 // VULHUB: VHN-411280 // VULMON: CVE-2022-22652

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.4	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.4	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	eq	version:	15.4	Trust: 0.8

sources: JVNDB: JVNDB-2022-008434 // NVD: CVE-2022-22652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22652
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22652
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202203-1247
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-411280
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-22652
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22652
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-411280
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22652
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22652
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-411280 // VULMON: CVE-2022-22652 // JVNDB: JVNDB-2022-008434 // CNNVD: CNNVD-202203-1247 // NVD: CVE-2022-22652

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-668	Trust: 0.1

sources: VULHUB: VHN-411280 // JVNDB: JVNDB-2022-008434 // NVD: CVE-2022-22652

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-1247

PATCH

title:	HT213182	url:	https://support.apple.com/en-us/HT213182	Trust: 0.8
title:	Apple iOS and Apple iPadOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186890	Trust: 0.6
title:	Apple: iOS 15.4 and iPadOS 15.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=14b60b166a667fc4faf52d81847a180a	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22652 // JVNDB: JVNDB-2022-008434 // CNNVD: CNNVD-202203-1247

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22652	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-008434	Trust: 0.8
db:	CS-HELP	id:	SB2022031436	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1247	Trust: 0.6
db:	VULHUB	id:	VHN-411280	Trust: 0.1
db:	VULMON	id:	CVE-2022-22652	Trust: 0.1

sources: VULHUB: VHN-411280 // VULMON: CVE-2022-22652 // JVNDB: JVNDB-2022-008434 // CNNVD: CNNVD-202203-1247 // NVD: CVE-2022-22652

REFERENCES

url:	https://support.apple.com/en-us/ht213182	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22652	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-37800	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031436	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22652/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht213182	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-411280 // VULMON: CVE-2022-22652 // JVNDB: JVNDB-2022-008434 // CNNVD: CNNVD-202203-1247 // NVD: CVE-2022-22652

SOURCES

db:	VULHUB	id:	VHN-411280
db:	VULMON	id:	CVE-2022-22652
db:	JVNDB	id:	JVNDB-2022-008434
db:	CNNVD	id:	CNNVD-202203-1247
db:	NVD	id:	CVE-2022-22652

LAST UPDATE DATE

2024-08-14T12:42:22.269000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-411280	date:	2022-03-26T00:00:00
db:	VULMON	id:	CVE-2022-22652	date:	2023-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-008434	date:	2023-07-27T01:53:00
db:	CNNVD	id:	CNNVD-202203-1247	date:	2022-03-28T00:00:00
db:	NVD	id:	CVE-2022-22652	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-411280	date:	2022-03-18T00:00:00
db:	VULMON	id:	CVE-2022-22652	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-008434	date:	2023-07-27T00:00:00
db:	CNNVD	id:	CNNVD-202203-1247	date:	2022-03-14T00:00:00
db:	NVD	id:	CVE-2022-22652	date:	2022-03-18T18:15:14.760