CVE-2022-26688
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
26/05/2022
Last modified:
08/06/2022
Description
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.15 (including) | 10.15.7 (excluding) |
| cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page