CVE-2022-26724Improper Authentication in Apple Tvos

CWE-287Improper Authentication3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 87.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Tvos
Timeline
PublishedMay 26
Latest updateMay 27

Description

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5apple/tvosunspecified15.5
NVDapple/tvos< 15.5
Appleapple/tvos15.5

🔴Vulnerability Details

1
GHSA
GHSA-39rg-8h92-xq56: An authentication issue was addressed with improved state management2022-05-27

📋Vendor Advisories

1
Apple
CVE-2022-26724: tvOS 15.52022-05-16
CVE-2022-26724 — Improper Authentication in Apple Tvos | cvebase