OpenCVE

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Itunes

Configuration 1 [-]

cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://support.apple.com/en-us/HT213259

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-05-26T19:28:46

Updated: 2024-08-03T05:11:44.523Z

Reserved: 2022-03-08T00:00:00

Link: CVE-2022-26774

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-26T20:15:10.077

Modified: 2024-11-21T06:54:28.763

Link: CVE-2022-26774

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "12.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."}], "problemTypes": [{"descriptions": [{"description": "A local attacker may be able to elevate their privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-26T19:28:46", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-26774", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "12.12"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A local attacker may be able to elevate their privileges"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT213259", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213259"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:11:44.523Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213259"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-26774", "datePublished": "2022-05-26T19:28:46", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-08-03T05:11:44.523Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "72506296-BA06-42AF-8843-AEB23FFEE4A0", "versionEndExcluding": "12.12.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."}, {"lang": "es", "value": "Se abord\u00f3 un problema de l\u00f3gica con una administraci\u00f3n de estados mejorada. Este problema es corregido en iTunes versi\u00f3n 12.12.4 para Windows. Un atacante local puede ser capaz de elevar sus privilegios"}], "id": "CVE-2022-26774", "lastModified": "2024-11-21T06:54:28.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-26T20:15:10.077", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213259"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}