Main Vulnerability Database Vulnerabilities #VU61353

Information disclosure in Apple iOS and iPadOS - CVE-2022-22659

Published: March 14, 2022

Vulnerability identifier: #VU61353

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22659

CWE-ID: CWE-200

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in NetworkExtension. An attacker on the local network can gain access to sensitive user information.

How to mitigate CVE-2022-22659

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT213182

Information disclosure in Apple iOS and iPadOS - CVE-2022-22659

Detailed vulnerability description

How to mitigate CVE-2022-22659

Sources

Please verify you're human