CVE-2023-32417

2023-06-2318:15:13

[email protected]

web.nvd.nist.gov

881

cve-2023-32417

apple watch

watchos 9.5

accessibility

physical access

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.9%

JSON

This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features.

Affected configurations

Vulners

NVD

Node

applewatchosRange<9.5

VendorProductVersionCPE
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	watchos	*	cpe:2.3:o:apple:watchos::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "watchOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "9.5",
        "versionType": "custom"
      }
    ]
  }
]