Details of VAR-202211-0019

ID

VAR-202211-0019

CVE

CVE-2022-32889

TITLE

apple's iOS and watchOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022783

DESCRIPTION

The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. apple's iOS and watchOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-32889 // JVNDB: JVNDB-2022-022783 // VULHUB: VHN-424978

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	16.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.0	Trust: 1.0
vendor:	アップル	model:	watchos	scope:	eq	version:	9.0	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-022783 // NVD: CVE-2022-32889

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2022-32889
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202211-1878
value:	HIGH
Trust: 0.6

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-32889
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-022783 // NVD: CVE-2022-32889 // CNNVD: CNNVD-202211-1878

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-022783 // NVD: CVE-2022-32889

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-1878

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-1878

CONFIGURATIONS

sources: NVD: CVE-2022-32889

PATCH

title:	HT213446 Apple Security update	url:	https://support.apple.com/en-us/ht213446	Trust: 0.8
title:	Apple watchOS Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213022	Trust: 0.6

sources: JVNDB: JVNDB-2022-022783 // CNNVD: CNNVD-202211-1878

EXTERNAL IDS

db:	NVD	id:	CVE-2022-32889	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-022783	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.5473	Trust: 0.6
db:	CNNVD	id:	CNNVD-202211-1878	Trust: 0.6
db:	VULHUB	id:	VHN-424978	Trust: 0.1

sources: VULHUB: VHN-424978 // JVNDB: JVNDB-2022-022783 // NVD: CVE-2022-32889 // CNNVD: CNNVD-202211-1878

REFERENCES

url:	https://support.apple.com/en-us/ht213446	Trust: 1.7
url:	https://support.apple.com/en-us/ht213486	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32889	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.5473	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-32889/	Trust: 0.6

sources: VULHUB: VHN-424978 // JVNDB: JVNDB-2022-022783 // NVD: CVE-2022-32889 // CNNVD: CNNVD-202211-1878

SOURCES

db:	VULHUB	id:	VHN-424978
db:	JVNDB	id:	JVNDB-2022-022783
db:	NVD	id:	CVE-2022-32889
db:	CNNVD	id:	CNNVD-202211-1878

LAST UPDATE DATE

2023-12-18T10:55:29.153000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-424978	date:	2022-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-022783	date:	2023-11-21T00:42:00
db:	NVD	id:	CVE-2022-32889	date:	2022-11-03T15:18:32.870
db:	CNNVD	id:	CNNVD-202211-1878	date:	2022-11-04T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-424978	date:	2022-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-022783	date:	2023-11-21T00:00:00
db:	NVD	id:	CVE-2022-32889	date:	2022-11-01T20:15:18.693
db:	CNNVD	id:	CNNVD-202211-1878	date:	2022-11-01T00:00:00