Vulnerability CVE-2022-26691

Vulnerability Name:

CVE-2022-26691 (CCN-227437)

Assigned:

2022-05-25

Published:

2022-05-25

Updated:

2022-10-19

Summary:

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

CVSS v3 Severity:

6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.7 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-269
CWE-288

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2022-26691

Source: XF
Type: UNKNOWN
apple-macos-cve202226691-priv-esc(227437)

Source: MISC
Type: Third Party Advisory
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-09a89bc265

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-39e057bc6d

Source: CCN
Type: Apple security document HT213183
About the security content of macOS Monterey 12.3

Source: MISC
Type: Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213183

Source: MISC
Type: Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213184

Source: MISC
Type: Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213185

Source: DEBIAN
Type: Third Party Advisory
DSA-5149

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6620337 (Cloud Pak for Watson AIOps)
Due to use of Apple macOS Monterey and macOS Big Sur, IBM Cloud PAK for Watson AI Ops is vulnerable to attacks gaining elevated priviledges (CVE-2022-26691)

Source: CCN
Type: IBM Security Bulletin 6829141 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to elevated privileges in Apple macOS Monterey and macOS Big Sur. (CVE-2022-26691)

Source: CCN
Type: IBM Security Bulletin 6837233 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to elevated privileges due to CVE-2022-26691

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-26691

Vulnerable Configuration:

Configuration 1:

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7)

OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.6.5)

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*

OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version > 12.0.0 and < 12.3)

OR cpe:/a:apple:cups:*:*:*:*:*:*:*:* (Version < 499.4)

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:openprinting:cups:*:*:*:*:*:*:*:* (Version < 2.4.2)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration RedHat 5:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:apple:macos_big_sur:11.6.4:*:*:*:*:*:*:*

AND

cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8002	P	cups-ddk-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7474	P	cups-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7926	P	libcups2-32bit-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3604	P	libhogweed2-2.7.1-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3690	P	libu2f-host0-1.1.6-3.5.1 on GA media (Moderate)	2022-06-28
oval:com.redhat.rhsa:def:20224990	P	RHSA-2022:4990: cups security update (Important)	2022-06-15
oval:com.redhat.rhsa:def:20225056	P	RHSA-2022:5056: cups security and bug fix update (Important)	2022-06-15
oval:org.opensuse.security:def:119590	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:94449	P	(Important)	2022-05-26
oval:org.opensuse.security:def:93139	P	(Important)	2022-05-26
oval:org.opensuse.security:def:118909	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:93814	P	(Important)	2022-05-26
oval:org.opensuse.security:def:498	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:95234	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:93299	P	(Important)	2022-05-26
oval:org.opensuse.security:def:119215	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:94028	P	(Important)	2022-05-26
oval:org.opensuse.security:def:95320	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:93457	P	(Important)	2022-05-26
oval:org.opensuse.security:def:902	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:119405	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:94240	P	(Important)	2022-05-26
oval:org.opensuse.security:def:42391	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:118719	P	Security update for cups (Important)	2022-05-26
oval:org.opensuse.security:def:93611	P	(Important)	2022-05-26
oval:org.opensuse.security:def:1174	P	Security update for cups (Important)	2022-05-26

BACK