Details of VAR-202207-1454

ID

VAR-202207-1454

CVE

CVE-2022-32801

TITLE

apple's macOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018241

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to gain root privileges. apple's macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5 have a permission and access control issue vulnerability that stems from Spotlight failing to properly enforce security restrictions. An attacker could exploit this vulnerability to allow a local application to elevate privileges on the system

Trust: 1.8

sources: NVD: CVE-2022-32801 // JVNDB: JVNDB-2022-018241 // VULHUB: VHN-424890 // VULMON: CVE-2022-32801

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	12.0 that's all 12.5	Trust: 0.8
vendor:	アップル	model:	macos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018241 // NVD: CVE-2022-32801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32801
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32801
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2005
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32801
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32801
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018241 // CNNVD: CNNVD-202207-2005 // NVD: CVE-2022-32801

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018241 // NVD: CVE-2022-32801

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2005

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202207-2005

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213345	Trust: 0.8
title:	Apple macOS Monterey Fixes for permissions and access control issues vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=208979	Trust: 0.6
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-32801 // JVNDB: JVNDB-2022-018241 // CNNVD: CNNVD-202207-2005

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32801	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-018241	Trust: 0.8
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3559	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2005	Trust: 0.6
db:	CNVD	id:	CNVD-2022-71993	Trust: 0.1
db:	VULHUB	id:	VHN-424890	Trust: 0.1
db:	VULMON	id:	CVE-2022-32801	Trust: 0.1

sources: VULHUB: VHN-424890 // VULMON: CVE-2022-32801 // JVNDB: JVNDB-2022-018241 // CNNVD: CNNVD-202207-2005 // NVD: CVE-2022-32801

REFERENCES

url:	https://support.apple.com/en-us/ht213345	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32801	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.3559	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32801/	Trust: 0.6
url:	https://support.apple.com/kb/ht213345	Trust: 0.1

sources: VULHUB: VHN-424890 // VULMON: CVE-2022-32801 // JVNDB: JVNDB-2022-018241 // CNNVD: CNNVD-202207-2005 // NVD: CVE-2022-32801

SOURCES

db:	VULHUB	id:	VHN-424890
db:	VULMON	id:	CVE-2022-32801
db:	JVNDB	id:	JVNDB-2022-018241
db:	CNNVD	id:	CNNVD-202207-2005
db:	NVD	id:	CVE-2022-32801

LAST UPDATE DATE

2024-08-14T12:22:01.765000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424890	date:	2022-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-018241	date:	2023-10-19T05:16:00
db:	CNNVD	id:	CNNVD-202207-2005	date:	2022-09-28T00:00:00
db:	NVD	id:	CVE-2022-32801	date:	2022-09-27T18:55:07.537

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424890	date:	2022-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-018241	date:	2023-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202207-2005	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32801	date:	2022-09-23T19:15:12.660