CVE-2022-46725

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/11/15/1	Mailing List
https://support.apple.com/en-us/HT213676	Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/11/15/1	Mailing List
https://support.apple.com/en-us/HT213676	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/11/15/1 - Mailing List~~	() http://www.openwall.com/lists/oss-security/2023/11/15/1 - Mailing List
References	~~() https://support.apple.com/en-us/HT213676 - Release Notes, Vendor Advisory~~	() https://support.apple.com/en-us/HT213676 - Release Notes, Vendor Advisory

Information

Published : 2023-08-14 23:15

Updated : 2024-11-21 07:30

NVD link : CVE-2022-46725

Mitre link : CVE-2022-46725

CVE.ORG link : CVE-2022-46725

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-46725", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-08-14T23:15:10.420", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/HT213676", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/15/1", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/en-us/HT213676", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing."}, {"lang": "es", "value": "Exist\u00eda un problema de suplantaci\u00f3n de identidad en el tratamiento de las URL. Este problema se solucion\u00f3 con una mejora en la validaci\u00f3n de entrada. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4. La visita a un sitio web malicioso puede provocar la suplantaci\u00f3n de la barra de direcciones."}], "lastModified": "2024-11-21T07:30:59.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE", "versionEndExcluding": "16.4"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87", "versionEndExcluding": "16.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}