Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_HT213345.NASL
HistoryAug 19, 2022 - 12:00 a.m.

macOS 12.x < 12.5 (HT213345)

2022-08-1900:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
139
JSON

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :

  • Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)

  • Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)

  • Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)

Note that Nessus has not tested for this issue but has instead relied only on the operating system’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164291);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/15");

  script_cve_id(
    "CVE-2021-28544",
    "CVE-2022-2294",
    "CVE-2022-24070",
    "CVE-2022-26981",
    "CVE-2022-29046",
    "CVE-2022-29048",
    "CVE-2022-32785",
    "CVE-2022-32786",
    "CVE-2022-32787",
    "CVE-2022-32789",
    "CVE-2022-32792",
    "CVE-2022-32793",
    "CVE-2022-32796",
    "CVE-2022-32797",
    "CVE-2022-32798",
    "CVE-2022-32799",
    "CVE-2022-32800",
    "CVE-2022-32801",
    "CVE-2022-32805",
    "CVE-2022-32807",
    "CVE-2022-32810",
    "CVE-2022-32811",
    "CVE-2022-32812",
    "CVE-2022-32813",
    "CVE-2022-32814",
    "CVE-2022-32815",
    "CVE-2022-32816",
    "CVE-2022-32817",
    "CVE-2022-32818",
    "CVE-2022-32819",
    "CVE-2022-32820",
    "CVE-2022-32821",
    "CVE-2022-32823",
    "CVE-2022-32825",
    "CVE-2022-32826",
    "CVE-2022-32828",
    "CVE-2022-32829",
    "CVE-2022-32831",
    "CVE-2022-32832",
    "CVE-2022-32834",
    "CVE-2022-32837",
    "CVE-2022-32838",
    "CVE-2022-32839",
    "CVE-2022-32840",
    "CVE-2022-32841",
    "CVE-2022-32842",
    "CVE-2022-32843",
    "CVE-2022-32845",
    "CVE-2022-32847",
    "CVE-2022-32848",
    "CVE-2022-32849",
    "CVE-2022-32851",
    "CVE-2022-32852",
    "CVE-2022-32853",
    "CVE-2022-32857"
  );
  script_xref(name:"APPLE-SA", value:"HT213345");
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2022-07-20");
  script_xref(name:"IAVA", value:"2022-A-0295-S");
  script_xref(name:"IAVA", value:"2022-A-0442-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/09/15");

  script_name(english:"macOS 12.x < 12.5 (HT213345)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple
vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, 
affected by multiple vulnerabilities :

  - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)

  - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)

  - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-gb/HT213345");
  script_set_attribute(attribute:"solution", value:
"Upgrade to macOS 12.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-26981");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-32845");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_ports("Host/MacOSX/Version", "Host/local_checks_enabled", "Host/MacOSX/packages/boms");

  exit(0);
}

include('vcf_extras_apple.inc');

var app_info = vcf::apple::macos::get_app_info();
var constraints = [
  {
    'min_version': '12.0', 
    'fixed_version': '12.5', 
    'fixed_display': 'macOS Monterey 12.5'
  }
];

vcf::apple::macos::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
applemacoscpe:/o:apple:macos

References

Related

nessus 25
apple 6
thn 1
osv 9
ubuntu 3
mageia 2
suse 3
archlinux 4
debian 4
fedora 4
photon 2
freebsd 1
cve 52
cnvd 11
prion 51
githubexploit 2
redhatcve 5
veracode 2
zdi 2
ubuntucve 2
debiancve 4
alpinelinux 2
github 1
ibm 1
nessus
nessus
macOS 11.x < 11.6.8 (HT213344)
2022-08-19 00:00:00
macOS 10.15.x < Catalina Security Update 2022-005 Catalina (HT213343)
2022-07-22 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5568-1)
2022-08-15 00:00:00
apple
apple
About the security content of macOS Monterey 12.5
2022-07-20 00:00:00
About the security content of macOS Big Sur 11.6.8
2022-07-20 00:00:00
About the security content of watchOS 8.7
2022-07-20 00:00:00
thn
thn
Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities
2022-07-21 06:40:00
osv
osv
webkit2gtk vulnerabilities
2022-08-15 12:23:31
subversion vulnerabilities
2022-05-27 01:00:42
subversion vulnerabilities
2022-04-12 17:08:51
ubuntu
ubuntu
WebKitGTK vulnerabilities
2022-08-15 00:00:00
Subversion vulnerabilities
2022-05-27 00:00:00
Subversion vulnerabilities
2022-04-12 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerability
2022-08-20 13:04:13
Updated subversion packages fix security vulnerability
2022-04-13 19:06:19
suse
suse
Security update for subversion (important)
2022-04-12 00:00:00
Security update for webkit2gtk3 (important)
2022-08-16 00:00:00
Security update for webkit2gtk3 (important)
2022-08-16 00:00:00
archlinux
archlinux
[ASA-202207-3] webkit2gtk: multiple issues
2022-07-29 00:00:00
[ASA-202207-1] webkit2gtk-5.0: multiple issues
2022-07-29 00:00:00
[ASA-202207-2] wpewebkit: multiple issues
2022-07-29 00:00:00
debian
debian
[SECURITY] [DSA 5210-1] webkit2gtk security update
2022-08-16 21:53:19
[SECURITY] [DSA 5211-1] wpewebkit security update
2022-08-16 21:54:44
[SECURITY] [DLA 3073-1] webkit2gtk security update
2022-08-17 10:39:21
fedora
fedora
[SECURITY] Fedora 36 Update: webkit2gtk3-2.36.5-1.fc36
2022-07-31 01:39:53
[SECURITY] Fedora 35 Update: webkit2gtk3-2.36.6-1.fc35
2022-08-16 01:42:44
[SECURITY] Fedora 36 Update: subversion-1.14.2-5.fc36
2022-07-15 01:17:37
photon
photon
Important Photon OS Security Update - PHSA-2022-0389
2022-05-03 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0389
2022-05-03 00:00:00
freebsd
freebsd
Subversion -- Multiple vulnerabilities in server code
2022-04-12 00:00:00
cve
cve
CVE-2022-32796
2022-09-23 19:15:00
CVE-2022-32852
2022-09-23 19:15:00
CVE-2022-32789
2022-09-23 19:15:00
cnvd
cnvd
Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability
2022-04-13 00:00:00
Apple iOS and iPadOS GPU Driver Buffer Overflow Vulnerability
2022-07-22 00:00:00
Apple macOS Monterey Buffer Overflow Vulnerability (CNVD-2022-71990)
2022-07-27 00:00:00
prion
prion
Information disclosure
2022-09-23 19:15:00
Design/Logic Flaw
2022-08-24 20:15:00
Design/Logic Flaw
2022-09-23 19:15:00
githubexploit
githubexploit
Exploit for Vulnerability in Apple Macos
2022-07-22 17:37:27
Exploit for Vulnerability in Apple Macos
2022-07-21 13:09:50
redhatcve
redhatcve
CVE-2022-29048
2022-04-13 09:52:04
CVE-2022-26981
2022-03-14 06:18:35
CVE-2022-32816
2023-09-14 15:51:15
veracode
veracode
Cross-site Scripting (XSS)
2022-06-03 14:55:36
Denial Of Service (DoS)
2022-07-30 21:00:56
zdi
zdi
Apple macOS AppleScript TASUnparser_PrintObject Untrusted Pointer Dereference Information Disclosure Vulnerability
2022-08-23 00:00:00
Apple macOS AppleScript UASIsConstant SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2023-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2022-26981
2022-03-13 00:00:00
CVE-2022-32816
2022-07-28 00:00:00
debiancve
debiancve
CVE-2022-32793
2022-08-24 20:15:00
CVE-2022-32816
2022-09-23 19:15:00
CVE-2022-26981
2022-03-13 18:15:00
alpinelinux
alpinelinux
CVE-2022-26981
2022-03-13 18:15:00
CVE-2022-32816
2022-09-23 19:15:00
github
github
CSRF vulnerability in Jenkins Subversion Plugin
2022-04-13 00:00:16
ibm
ibm
Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2021-28544)
2022-07-06 05:35:34
JSON
Related for MACOS_HT213345.NASL
nessus25apple6thn1osv9ubuntu3mageia2suse3archlinux4debian4fedora4photon2freebsd1cve52cnvd11prion51githubexploit2redhatcve5veracode2zdi2ubuntucve2debiancve4alpinelinux2github1ibm1