ID

VAR-202205-1591


CVE

CVE-2022-26773


TITLE

Vulnerability in iTunes for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2022-011248

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. iTunes for Windows contains an unspecified vulnerability. Information may be tampered with, and service operation may be interrupted (DoS). This vulnerability allows local attackers to escalate privileges on affected installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apple Mobile Device Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Trust: 2.43

sources: NVD: CVE-2022-26773 // JVNDB: JVNDB-2022-011248 // ZDI: ZDI-23-1497 // VULHUB: VHN-417442 // VULMON: CVE-2022-26773

AFFECTED PRODUCTS

vendor: apple, model: itunes, scope: lt, version: 12.12.4

Trust: 1.0

vendor: アップル, model: itunes, scope: eq, version: 12.12.4

Trust: 0.8

vendor: アップル, model: itunes, scope: -, version: -

Trust: 0.8

vendor: アップル, model: itunes, scope: eq, version: -

Trust: 0.8

vendor: apple, model: itunes, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-23-1497 // JVNDB: JVNDB-2022-011248 // NVD: CVE-2022-26773

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-26773
value: HIGH

Trust: 1.0

NVD: CVE-2022-26773
value: HIGH

Trust: 0.8

ZDI: CVE-2022-26773
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202205-3791
value: HIGH

Trust: 0.6

VULHUB: VHN-417442
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-26773
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417442
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-26773
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-26773
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-26773
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-1497 // VULHUB: VHN-417442 // JVNDB: JVNDB-2022-011248 // CNNVD: CNNVD-202205-3791 // NVD: CVE-2022-26773

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011248 // NVD: CVE-2022-26773

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3791

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202205-3791

PATCH

title: HT213259 Apple Security update, url: https://support.apple.com/en-us/HT213259

Trust: 1.5

title: Apple iTunes Fixes for permissions and access control issues vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195213

Trust: 0.6

sources: ZDI: ZDI-23-1497 // JVNDB: JVNDB-2022-011248 // CNNVD: CNNVD-202205-3791

EXTERNAL IDS

db: NVD, id: CVE-2022-26773

Trust: 4.1

db: JVNDB, id: JVNDB-2022-011248

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-16895

Trust: 0.7

db: ZDI, id: ZDI-23-1497

Trust: 0.7

db: CS-HELP, id: SB2022051917

Trust: 0.6

db: CNNVD, id: CNNVD-202205-3791

Trust: 0.6

db: VULHUB, id: VHN-417442

Trust: 0.1

db: VULMON, id: CVE-2022-26773

Trust: 0.1

sources: ZDI: ZDI-23-1497 // VULHUB: VHN-417442 // VULMON: CVE-2022-26773 // JVNDB: JVNDB-2022-011248 // CNNVD: CNNVD-202205-3791 // NVD: CVE-2022-26773

REFERENCES

url:https://support.apple.com/en-us/ht213259

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26773

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022051917

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26773/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-23-1497 // VULHUB: VHN-417442 // VULMON: CVE-2022-26773 // JVNDB: JVNDB-2022-011248 // CNNVD: CNNVD-202205-3791 // NVD: CVE-2022-26773

CREDITS

@decoder_it

Trust: 0.7

sources: ZDI: ZDI-23-1497

SOURCES

db: ZDI, id: ZDI-23-1497
db: VULHUB, id: VHN-417442
db: VULMON, id: CVE-2022-26773
db: JVNDB, id: JVNDB-2022-011248
db: CNNVD, id: CNNVD-202205-3791
db: NVD, id: CVE-2022-26773

LAST UPDATE DATE

2024-11-23T21:12:52.014000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-23-1497, date: 2023-10-04T00:00:00
db: VULHUB, id: VHN-417442, date: 2022-06-07T00:00:00
db: VULMON, id: CVE-2022-26773, date: 2022-05-27T00:00:00
db: JVNDB, id: JVNDB-2022-011248, date: 2023-08-21T06:28:00
db: CNNVD, id: CNNVD-202205-3791, date: 2022-06-08T00:00:00
db: NVD, id: CVE-2022-26773, date: 2024-11-21T06:54:28.657

SOURCES RELEASE DATE

db: ZDI, id: ZDI-23-1497, date: 2023-10-04T00:00:00
db: VULHUB, id: VHN-417442, date: 2022-05-26T00:00:00
db: VULMON, id: CVE-2022-26773, date: 2022-05-26T00:00:00
db: JVNDB, id: JVNDB-2022-011248, date: 2023-08-21T00:00:00
db: CNNVD, id: CNNVD-202205-3791, date: 2022-05-18T00:00:00
db: NVD, id: CVE-2022-26773, date: 2022-05-26T20:15:10.027