| Vulnerability Name: | CVE-2022-22652 (CCN-221708) | ||||||||||||
| Assigned: | 2022-03-14 | ||||||||||||
| Published: | 2022-03-14 | ||||||||||||
| Updated: | 2022-03-26 | ||||||||||||
| Summary: | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-668 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-22652 Source: XF Type: UNKNOWN apple-ios-cve202222652-sec-bypass(221708) Source: CCN Type: Apple security document HT213182 About the security content of iOS 15.4 and iPadOS 15.4 Source: MISC Type: Release Notes, Vendor Advisory https://support.apple.com/en-us/HT213182 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||