ID

VAR-202210-1629


CVE

CVE-2022-42830


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-022841

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges. apple's iPadOS , iOS , macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-42830 // JVNDB: JVNDB-2022-022841 // VULHUB: VHN-439614

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:16.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.1

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:13.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022841 // NVD: CVE-2022-42830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42830
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-42830
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-1657
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42830
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-42830
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022841 // CNNVD: CNNVD-202210-1657 // NVD: CVE-2022-42830

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022841 // NVD: CVE-2022-42830

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1657

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1657

PATCH

title:HT213488 Apple  Security updateurl:https://support.apple.com/en-us/HT213488

Trust: 0.8

title:Apple iOS and iPadOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213121

Trust: 0.6

sources: JVNDB: JVNDB-2022-022841 // CNNVD: CNNVD-202210-1657

EXTERNAL IDS

db:NVDid:CVE-2022-42830

Trust: 3.3

db:JVNDBid:JVNDB-2022-022841

Trust: 0.8

db:AUSCERTid:ESB-2022.5303

Trust: 0.6

db:CNNVDid:CNNVD-202210-1657

Trust: 0.6

db:VULHUBid:VHN-439614

Trust: 0.1

sources: VULHUB: VHN-439614 // JVNDB: JVNDB-2022-022841 // CNNVD: CNNVD-202210-1657 // NVD: CVE-2022-42830

REFERENCES

url:https://support.apple.com/en-us/ht213489

Trust: 2.3

url:https://support.apple.com/en-us/ht213488

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-42830

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42830/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5303

Trust: 0.6

sources: VULHUB: VHN-439614 // JVNDB: JVNDB-2022-022841 // CNNVD: CNNVD-202210-1657 // NVD: CVE-2022-42830

SOURCES

db:VULHUBid:VHN-439614
db:JVNDBid:JVNDB-2022-022841
db:CNNVDid:CNNVD-202210-1657
db:NVDid:CVE-2022-42830

LAST UPDATE DATE

2024-08-14T12:43:43.272000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-439614date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2022-022841date:2023-11-21T01:56:00
db:CNNVDid:CNNVD-202210-1657date:2022-11-07T00:00:00
db:NVDid:CVE-2022-42830date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:VULHUBid:VHN-439614date:2022-11-01T00:00:00
db:JVNDBid:JVNDB-2022-022841date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202210-1657date:2022-10-24T00:00:00
db:NVDid:CVE-2022-42830date:2022-11-01T20:15:24.510