Details of VAR-202207-1488

ID

VAR-202207-1488

CVE

CVE-2022-32824

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020310

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. iPadOS , iOS , tvOS Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. iOS 15.6 and iPadOS 15.6

Trust: 1.8

sources: NVD: CVE-2022-32824 // JVNDB: JVNDB-2022-020310 // VULHUB: VHN-424913 // VULMON: CVE-2022-32824

AFFECTED PRODUCTS

vendor:	apple	model:	watchos	scope:	lt	version:	8.7	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.6	Trust: 1.0
vendor:	アップル	model:	watchos	scope:	eq	version:	8.7	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020310 // NVD: CVE-2022-32824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-32824
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-32824
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202207-2075
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-32824
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32824
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020310 // CNNVD: CNNVD-202207-2075 // NVD: CVE-2022-32824

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-020310 // NVD: CVE-2022-32824

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2075

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202207-2075

PATCH

title:	HT213342 Apple Security update	url:	https://support.apple.com/en-us/HT213340	Trust: 0.8
title:	Apple iOS and iPadOS Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=200832	Trust: 0.6
title:	Apple: iOS 15.6 and iPadOS 15.6	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a	Trust: 0.1

sources: VULMON: CVE-2022-32824 // JVNDB: JVNDB-2022-020310 // CNNVD: CNNVD-202207-2075

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32824	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-020310	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3563	Trust: 0.6
db:	CS-HELP	id:	SB2022072107	Trust: 0.6
db:	CNNVD	id:	CNNVD-202207-2075	Trust: 0.6
db:	VULHUB	id:	VHN-424913	Trust: 0.1
db:	VULMON	id:	CVE-2022-32824	Trust: 0.1

sources: VULHUB: VHN-424913 // VULMON: CVE-2022-32824 // JVNDB: JVNDB-2022-020310 // CNNVD: CNNVD-202207-2075 // NVD: CVE-2022-32824

REFERENCES

url:	https://support.apple.com/en-us/ht213346	Trust: 2.3
url:	https://support.apple.com/en-us/ht213340	Trust: 1.7
url:	https://support.apple.com/en-us/ht213342	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32824	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-32824/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-38878	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3563	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072107	Trust: 0.6
url:	https://support.apple.com/kb/ht213346	Trust: 0.1

sources: VULHUB: VHN-424913 // VULMON: CVE-2022-32824 // JVNDB: JVNDB-2022-020310 // CNNVD: CNNVD-202207-2075 // NVD: CVE-2022-32824

SOURCES

db:	VULHUB	id:	VHN-424913
db:	VULMON	id:	CVE-2022-32824
db:	JVNDB	id:	JVNDB-2022-020310
db:	CNNVD	id:	CNNVD-202207-2075
db:	NVD	id:	CVE-2022-32824

LAST UPDATE DATE

2024-08-14T12:54:07.820000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424913	date:	2023-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-020310	date:	2023-11-01T07:23:00
db:	CNNVD	id:	CNNVD-202207-2075	date:	2023-03-09T00:00:00
db:	NVD	id:	CVE-2022-32824	date:	2023-03-08T14:36:50.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424913	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-020310	date:	2023-11-01T00:00:00
db:	CNNVD	id:	CNNVD-202207-2075	date:	2022-07-20T00:00:00
db:	NVD	id:	CVE-2022-32824	date:	2023-02-27T20:15:11.547