ID

VAR-202207-1482


CVE

CVE-2022-32857


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-017330

DESCRIPTION

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity. iPadOS , iOS , Apple Mac OS X Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-32857 // JVNDB: JVNDB-2022-017330 // VULHUB: VHN-424946

AFFECTED PRODUCTS

vendor:applemodel:macosscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:8.7

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.5

Trust: 1.0

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:8.7

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-017330 // NVD: CVE-2022-32857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32857
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32857
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-2067
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32857
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-32857
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017330 // CNNVD: CNNVD-202207-2067 // NVD: CVE-2022-32857

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-017330 // NVD: CVE-2022-32857

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2067

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2067

PATCH

title:HT213345 Apple  Security updateurl:https://support.apple.com/en-us/HT213340

Trust: 0.8

title:Apple iPadOS and Apple iOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206241

Trust: 0.6

title:Apple: macOS Big Sur 11.6.8url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=46307825e8223bef6aa99c76dff503a5

Trust: 0.1

title:Apple: iOS 15.6 and iPadOS 15.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

title:Apple: macOS Monterey 12.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2022-32857 // JVNDB: JVNDB-2022-017330 // CNNVD: CNNVD-202207-2067

EXTERNAL IDS

db:NVDid:CVE-2022-32857

Trust: 3.4

db:JVNDBid:JVNDB-2022-017330

Trust: 0.8

db:AUSCERTid:ESB-2022.3563

Trust: 0.6

db:CS-HELPid:SB2022072107

Trust: 0.6

db:CNNVDid:CNNVD-202207-2067

Trust: 0.6

db:VULHUBid:VHN-424946

Trust: 0.1

db:VULMONid:CVE-2022-32857

Trust: 0.1

sources: VULHUB: VHN-424946 // VULMON: CVE-2022-32857 // JVNDB: JVNDB-2022-017330 // CNNVD: CNNVD-202207-2067 // NVD: CVE-2022-32857

REFERENCES

url:https://support.apple.com/en-us/ht213346

Trust: 2.3

url:https://support.apple.com/en-us/ht213340

Trust: 1.7

url:https://support.apple.com/en-us/ht213342

Trust: 1.7

url:https://support.apple.com/en-us/ht213343

Trust: 1.7

url:https://support.apple.com/en-us/ht213344

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32857

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32857/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3563

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url:https://support.apple.com/kb/ht213344

Trust: 0.1

sources: VULHUB: VHN-424946 // VULMON: CVE-2022-32857 // JVNDB: JVNDB-2022-017330 // CNNVD: CNNVD-202207-2067 // NVD: CVE-2022-32857

SOURCES

db:VULHUBid:VHN-424946
db:VULMONid:CVE-2022-32857
db:JVNDBid:JVNDB-2022-017330
db:CNNVDid:CNNVD-202207-2067
db:NVDid:CVE-2022-32857

LAST UPDATE DATE

2024-08-14T12:14:13.222000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424946date:2022-11-02T00:00:00
db:JVNDBid:JVNDB-2022-017330date:2023-10-12T07:44:00
db:CNNVDid:CNNVD-202207-2067date:2022-09-01T00:00:00
db:NVDid:CVE-2022-32857date:2022-11-02T13:18:35.983

SOURCES RELEASE DATE

db:VULHUBid:VHN-424946date:2022-08-24T00:00:00
db:JVNDBid:JVNDB-2022-017330date:2023-10-12T00:00:00
db:CNNVDid:CNNVD-202207-2067date:2022-07-20T00:00:00
db:NVDid:CVE-2022-32857date:2022-08-24T20:15:09.097