Lucene search

AppleCVE-2024-44147

HistorySep 17, 2024 - 12:15 a.m.

CVE-2024-44147

2024-09-1700:15:50

CWE-269

apple

web.nvd.nist.gov

ios 18

ipados 18

improved state management

unauthorized access

local network

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.6%

JSON

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.

Affected configurations

Vulners

Vulnrichment

Node

appleiphone_osRange<18

appleipad_osRange<18

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipad_os*cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipad_os	*	cpe:2.3:o:apple:ipad_os::::::::

CNA Affected

[
  {
    "vendor": "Apple",
    "product": "iOS and iPadOS",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "18",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/121250

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-44147