CVE-2022-42849 - Vulnerability Details - OpenCVE

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipados Iphone Os Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2022/Dec/20
http://seclists.org/fulldisclosure/2022/Dec/26
http://seclists.org/fulldisclosure/2022/Dec/27
https://support.apple.com/en-us/HT213530
https://support.apple.com/en-us/HT213535
https://support.apple.com/en-us/HT213536

History

Mon, 21 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2022-12-15T00:00:00.000Z

Updated: 2025-04-21T15:05:35.002Z

Reserved: 2022-10-11T00:00:00.000Z

Link: CVE-2022-42849

Vulnrichment

Updated: 2024-08-03T13:19:05.395Z

NVD

Status : Modified

Published: 2022-12-15T19:15:24.583

Modified: 2025-04-21T15:15:52.750

Link: CVE-2022-42849

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42849", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "dateUpdated": "2025-04-21T15:05:35.002Z", "dateReserved": "2022-10-11T00:00:00.000Z", "datePublished": "2022-12-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2022-12-21T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges."}], "affected": [{"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "lessThan": "16.2", "status": "affected", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "lessThan": "16.2", "status": "affected", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "lessThan": "9.2", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213535"}, {"url": "https://support.apple.com/en-us/HT213530"}, {"url": "https://support.apple.com/en-us/HT213536"}, {"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/20"}, {"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "A user may be able to elevate privileges"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.395Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213535", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213530", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213536", "tags": ["x_transferred"]}, {"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Dec/20"}, {"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T15:04:21.784560Z", "id": "CVE-2022-42849", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T15:05:35.002Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213535", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213530", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213536", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/20", "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/26", "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/27", "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.395Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-21T15:04:21.784560Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T15:05:15.702Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.2", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "9.2", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213535"}, {"url": "https://support.apple.com/en-us/HT213530"}, {"url": "https://support.apple.com/en-us/HT213536"}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/20", "name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/26", "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["mailing-list"]}, {"url": "http://seclists.org/fulldisclosure/2022/Dec/27", "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "A user may be able to elevate privileges"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2022-12-21T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42849", "state": "PUBLISHED", "dateUpdated": "2025-04-21T15:05:35.002Z", "dateReserved": "2022-10-11T00:00:00.000Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2022-12-15T00:00:00.000Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "89495791-675B-413C-A86D-ECBADF4EDC4E", "versionEndExcluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B1B6657-43F5-4F0E-BE5C-5D828DEE066F", "versionEndExcluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "400AD564-BDEC-4C81-B650-56357BEBF0C7", "versionEndExcluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A9F3F63-6BF8-4DD5-97FD-D9C90A62ECB0", "versionEndExcluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges."}, {"lang": "es", "value": "Exist\u00eda un problema de acceso con las llamadas API privilegiadas. Este problema se resolvi\u00f3 con restricciones adicionales. Este problema se solucion\u00f3 en iOS 16.2 y iPadOS 16.2, tvOS 16.2, watchOS 9.2. Un usuario puede aumentar sus privilegios."}], "id": "CVE-2022-42849", "lastModified": "2025-04-21T15:15:52.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-15T19:15:24.583", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/20"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"source": "product-security@apple.com", "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213530"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213535"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213536"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}