Sign-up

ID

VAR-202212-1308


CVE

CVE-2022-42862


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023815

DESCRIPTION

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences

Trust: 1.8

sources: NVD: CVE-2022-42862 // JVNDB: JVNDB-2022-023815 // VULHUB: VHN-439675 // VULMON: CVE-2022-42862

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:16.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:16.2

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:13.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-023815 // NVD: CVE-2022-42862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42862
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-42862
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-3037
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-42862
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-42862
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023815 // CNNVD: CNNVD-202212-3037 // NVD: CVE-2022-42862

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023815 // NVD: CVE-2022-42862

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3037

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3037

PATCH

title:HT213530 Apple  Security updateurl:https://support.apple.com/en-us/HT213530

Trust: 0.8

sources: JVNDB: JVNDB-2022-023815

EXTERNAL IDS

db:NVDid:CVE-2022-42862

Trust: 3.4

db:JVNDBid:JVNDB-2022-023815

Trust: 0.8

db:CNNVDid:CNNVD-202212-3037

Trust: 0.6

db:VULHUBid:VHN-439675

Trust: 0.1

db:VULMONid:CVE-2022-42862

Trust: 0.1

sources: VULHUB: VHN-439675 // VULMON: CVE-2022-42862 // JVNDB: JVNDB-2022-023815 // CNNVD: CNNVD-202212-3037 // NVD: CVE-2022-42862

REFERENCES

url:http://seclists.org/fulldisclosure/2022/dec/20

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/23

Trust: 2.5

url:https://support.apple.com/en-us/ht213530

Trust: 2.4

url:https://support.apple.com/en-us/ht213532

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-42862

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-42862/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-439675 // VULMON: CVE-2022-42862 // JVNDB: JVNDB-2022-023815 // CNNVD: CNNVD-202212-3037 // NVD: CVE-2022-42862

SOURCES

db:VULHUBid:VHN-439675
db:VULMONid:CVE-2022-42862
db:JVNDBid:JVNDB-2022-023815
db:CNNVDid:CNNVD-202212-3037
db:NVDid:CVE-2022-42862

LAST UPDATE DATE

2024-08-14T14:02:11.776000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-439675date:2022-12-21T00:00:00
db:VULMONid:CVE-2022-42862date:2022-12-15T00:00:00
db:JVNDBid:JVNDB-2022-023815date:2023-11-30T03:02:00
db:CNNVDid:CNNVD-202212-3037date:2022-12-22T00:00:00
db:NVDid:CVE-2022-42862date:2022-12-21T15:55:48.200

SOURCES RELEASE DATE

db:VULHUBid:VHN-439675date:2022-12-15T00:00:00
db:VULMONid:CVE-2022-42862date:2022-12-15T00:00:00
db:JVNDBid:JVNDB-2022-023815date:2023-11-30T00:00:00
db:CNNVDid:CNNVD-202212-3037date:2022-12-13T00:00:00
db:NVDid:CVE-2022-42862date:2022-12-15T19:15:25.290