Details of VAR-202205-1354

ID

VAR-202205-1354

CVE

CVE-2022-26725

TITLE

macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011161

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. macOS Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-26725 // JVNDB: JVNDB-2022-011161 // VULHUB: VHN-417394 // VULMON: CVE-2022-26725

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.4	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011161 // NVD: CVE-2022-26725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26725
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26725
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-3382
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-417394
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26725
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417394
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26725
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26725
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417394 // JVNDB: JVNDB-2022-011161 // CNNVD: CNNVD-202205-3382 // NVD: CVE-2022-26725

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-011161 // NVD: CVE-2022-26725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3382

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202205-3382

PATCH

title:	HT213257 Apple Security update	url:	https://support.apple.com/en-us/HT213257	Trust: 0.8
title:	Apple macOS Monterey Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195188	Trust: 0.6
title:	Apple: macOS Monterey 12.4	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=73857ee26a600b1527481f1deacc0619	Trust: 0.1

sources: VULMON: CVE-2022-26725 // JVNDB: JVNDB-2022-011161 // CNNVD: CNNVD-202205-3382

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26725	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011161	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.2413	Trust: 0.6
db:	CS-HELP	id:	SB2022051701	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3382	Trust: 0.6
db:	VULHUB	id:	VHN-417394	Trust: 0.1
db:	VULMON	id:	CVE-2022-26725	Trust: 0.1

sources: VULHUB: VHN-417394 // VULMON: CVE-2022-26725 // JVNDB: JVNDB-2022-011161 // CNNVD: CNNVD-202205-3382 // NVD: CVE-2022-26725

REFERENCES

url:	https://support.apple.com/en-us/ht213257	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26725	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022051701	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26725/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2413	Trust: 0.6
url:	https://support.apple.com/kb/ht213257	Trust: 0.1

sources: VULHUB: VHN-417394 // VULMON: CVE-2022-26725 // JVNDB: JVNDB-2022-011161 // CNNVD: CNNVD-202205-3382 // NVD: CVE-2022-26725

SOURCES

db:	VULHUB	id:	VHN-417394
db:	VULMON	id:	CVE-2022-26725
db:	JVNDB	id:	JVNDB-2022-011161
db:	CNNVD	id:	CNNVD-202205-3382
db:	NVD	id:	CVE-2022-26725

LAST UPDATE DATE

2024-08-14T13:05:47.802000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417394	date:	2022-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011161	date:	2023-08-21T00:50:00
db:	CNNVD	id:	CNNVD-202205-3382	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-26725	date:	2022-06-07T22:43:46.887

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417394	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011161	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202205-3382	date:	2022-05-16T00:00:00
db:	NVD	id:	CVE-2022-26725	date:	2022-05-26T19:15:08.730