Details of VAR-202205-1592

ID

VAR-202205-1592

CVE

CVE-2022-26774

TITLE

Windows for iTunes Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011247

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. Windows for iTunes Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-26774 // JVNDB: JVNDB-2022-011247 // VULHUB: VHN-417443

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.12.4	Trust: 1.0
vendor:	アップル	model:	itunes	scope:	eq	version:	12.12.4	Trust: 0.8
vendor:	アップル	model:	itunes	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	itunes	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011247 // NVD: CVE-2022-26774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26774
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-26774
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3792
value:	HIGH
Trust: 0.6
VULHUB:	VHN-417443
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26774
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-417443
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26774
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26774
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417443 // JVNDB: JVNDB-2022-011247 // CNNVD: CNNVD-202205-3792 // NVD: CVE-2022-26774

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-417443 // JVNDB: JVNDB-2022-011247 // NVD: CVE-2022-26774

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3792

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202205-3792

PATCH

title:	HT213259 Apple Security update	url:	https://support.apple.com/en-us/HT213259	Trust: 0.8
title:	Apple iTunes Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195214	Trust: 0.6

sources: JVNDB: JVNDB-2022-011247 // CNNVD: CNNVD-202205-3792

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26774	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-011247	Trust: 0.8
db:	CS-HELP	id:	SB2022051917	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3792	Trust: 0.6
db:	VULHUB	id:	VHN-417443	Trust: 0.1

sources: VULHUB: VHN-417443 // JVNDB: JVNDB-2022-011247 // CNNVD: CNNVD-202205-3792 // NVD: CVE-2022-26774

REFERENCES

url:	https://support.apple.com/en-us/ht213259	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26774	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022051917	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-26774/	Trust: 0.6

sources: VULHUB: VHN-417443 // JVNDB: JVNDB-2022-011247 // CNNVD: CNNVD-202205-3792 // NVD: CVE-2022-26774

SOURCES

db:	VULHUB	id:	VHN-417443
db:	JVNDB	id:	JVNDB-2022-011247
db:	CNNVD	id:	CNNVD-202205-3792
db:	NVD	id:	CVE-2022-26774

LAST UPDATE DATE

2024-08-14T12:52:21.924000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417443	date:	2022-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011247	date:	2023-08-21T06:25:00
db:	CNNVD	id:	CNNVD-202205-3792	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-26774	date:	2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417443	date:	2022-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-011247	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202205-3792	date:	2022-05-18T00:00:00
db:	NVD	id:	CVE-2022-26774	date:	2022-05-26T20:15:10.077