Details of VAR-202207-1464

ID

VAR-202207-1464

CVE

CVE-2022-32840

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017328

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , macOS Unspecified vulnerabilities exist in multiple Apple products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32840 // JVNDB: JVNDB-2022-017328 // VULHUB: VHN-424929 // VULMON: CVE-2022-32840

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	8.7	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.5	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	12.0	Trust: 1.0
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.7	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-017328 // NVD: CVE-2022-32840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32840
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-32840
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202207-2014
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-32840
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32840
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-017328 // CNNVD: CNNVD-202207-2014 // NVD: CVE-2022-32840

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-017328 // NVD: CVE-2022-32840

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2014

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202207-2014

PATCH

title:	HT213345 Apple Security update	url:	https://support.apple.com/en-us/HT213340	Trust: 0.8
title:	Apple iOS and iPadOS Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=200794	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1
title:	Apple: macOS Monterey 12.5	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4	Trust: 0.1

sources: VULMON: CVE-2022-32840 // JVNDB: JVNDB-2022-017328 // CNNVD: CNNVD-202207-2014

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32840	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-017328	Trust: 0.8
db:	CS-HELP	id:	SB2022072106	Trust: 0.6
db:	CS-HELP	id:	SB2022072101	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3563	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2014	Trust: 0.6
db:	VULHUB	id:	VHN-424929	Trust: 0.1
db:	VULMON	id:	CVE-2022-32840	Trust: 0.1

sources: VULHUB: VHN-424929 // VULMON: CVE-2022-32840 // JVNDB: JVNDB-2022-017328 // CNNVD: CNNVD-202207-2014 // NVD: CVE-2022-32840

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213340	Trust: 1.7
url:	https://support.apple.com/en-us/ht213345	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32840	Trust: 0.8
url:	https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072101	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32840/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3563	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072106	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424929 // VULMON: CVE-2022-32840 // JVNDB: JVNDB-2022-017328 // CNNVD: CNNVD-202207-2014 // NVD: CVE-2022-32840

SOURCES

db:	VULHUB	id:	VHN-424929
db:	VULMON	id:	CVE-2022-32840
db:	JVNDB	id:	JVNDB-2022-017328
db:	CNNVD	id:	CNNVD-202207-2014
db:	NVD	id:	CVE-2022-32840

LAST UPDATE DATE

2024-08-14T13:04:49.227000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424929	date:	2022-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-017328	date:	2023-10-12T07:38:00
db:	CNNVD	id:	CNNVD-202207-2014	date:	2022-08-30T00:00:00
db:	NVD	id:	CVE-2022-32840	date:	2022-08-29T15:49:37.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424929	date:	2022-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-017328	date:	2023-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202207-2014	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32840	date:	2022-08-24T20:15:09.057