CVE-2022-48611

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.claris.com/s/answerview?anum=000041674&language=en_US	Not Applicable
https://support.apple.com/en-us/103001	Vendor Advisory
https://support.claris.com/s/answerview?anum=000041674&language=en_US	Not Applicable

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*

History

10 Dec 2024, 17:47

Type	Values Removed	Values Added
References		() https://support.apple.com/en-us/103001 - Vendor Advisory
References	~~() https://support.claris.com/s/answerview?anum=000041674&language=en_US -~~	() https://support.claris.com/s/answerview?anum=000041674&language=en_US - Not Applicable
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:apple:itunes::::::windows::*
First Time		Apple Apple itunes

21 Nov 2024, 07:33

Type	Values Removed	Values Added
References	~~() https://support.claris.com/s/answerview?anum=000041674&language=en_US -~~	() https://support.claris.com/s/answerview?anum=000041674&language=en_US -

06 Sep 2024, 18:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-693
Summary		(es) Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iTunes 12.12.4 para Windows. Un atacante local podría aumentar sus privilegios.

26 Apr 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-26 20:15

Updated : 2024-12-10 17:47

NVD link : CVE-2022-48611

Mitre link : CVE-2022-48611

CVE.ORG link : CVE-2022-48611

JSON object : View

Products Affected

apple

itunes

CWE

NVD-CWE-noinfo CWE-693

Protection Mechanism Failure

{"id": "CVE-2022-48611", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-04-26T20:15:07.150", "references": [{"url": "https://support.claris.com/s/answerview?anum=000041674&language=en_US", "tags": ["Not Applicable"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/103001", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}, {"url": "https://support.claris.com/s/answerview?anum=000041674&language=en_US", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iTunes 12.12.4 para Windows. Un atacante local podr\u00eda aumentar sus privilegios."}], "lastModified": "2024-12-10T17:47:45.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "72506296-BA06-42AF-8843-AEB23FFEE4A0", "versionEndExcluding": "12.12.4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}