Lucene search
AppleCVE-2022-32794HistoryNov 01, 2022 - 8:15 p.m.
CVE-2022-32794
2022-11-0120:15:17
apple
web.nvd.nist.gov
49
2
cve-2022-32794
logic issue
security update
catalina
macos monterey
macos big sur
elevated privileges
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
26.4%
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to gain elevated privileges.
Affected configurations
Node
applemac_os_xRange10.15β10.15.7
ORapplemac_os_xMatch10.15.7-
ORapplemac_os_xMatch10.15.7security_update_2020
ORapplemac_os_xMatch10.15.7security_update_2020-001
ORapplemac_os_xMatch10.15.7security_update_2020-005
ORapplemac_os_xMatch10.15.7security_update_2020-007
ORapplemac_os_xMatch10.15.7security_update_2021-001
ORapplemac_os_xMatch10.15.7security_update_2021-002
ORapplemac_os_xMatch10.15.7security_update_2021-003
ORapplemac_os_xMatch10.15.7security_update_2021-004
ORapplemac_os_xMatch10.15.7security_update_2021-005
ORapplemac_os_xMatch10.15.7security_update_2021-006
ORapplemac_os_xMatch10.15.7security_update_2021-007
ORapplemac_os_xMatch10.15.7security_update_2021-008
ORapplemac_os_xMatch10.15.7security_update_2022-001
ORapplemac_os_xMatch10.15.7security_update_2022-002
ORapplemac_os_xMatch10.15.7security_update_2022-003
ORapplemac_os_xMatch10.15.7security_update_2022-004
ORapplemac_os_xMatch10.15.7supplemental_update
ORapplemacosRange11.0β11.6.6
ORapplemacosRange12.0.0β12.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"lessThan": "12.4",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"lessThan": "11.6",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Apple",
"product": "macOS",
"versions": [
{
"version": "unspecified",
"lessThan": "2022",
"status": "affected",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-32794
2022-11-01 00:00:00
prion
prion
Code injection
2022-11-01 20:15:00
nvd
nvd
CVE-2022-32794
2022-11-01 20:15:17
apple
apple
About the security content of Security Update 2022-004 Catalina
2022-05-16 00:00:00
About the security content of macOS Big Sur 11.6.6
2022-05-16 00:00:00
About the security content of macOS Monterey 12.4
2022-05-16 00:00:00
nessus
nessus
macOS 11.x < 11.6.6 Multiple Vulnerabilities (HT213256)
2022-05-20 00:00:00
macOS 12.x < 12.4 Multiple Vulnerabilities (HT213257)
2022-05-20 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.001
Percentile
26.4%
Related for CVE-2022-32794