PT-2022-3906 · Apple+9 · Apple Macos+9

Joshua Mason

·

Published

2022-03-14

·

Updated

2025-10-31

·

CVE-2022-26691

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions CUPS versions prior to the fixed version macOS versions prior to macOS Monterey 12.3 macOS Big Sur versions prior to 11.6.5 macOS Catalina versions prior to Security Update 2022-003
Description The issue is related to a logic problem that has been addressed with improved state management, allowing an application to potentially gain elevated privileges. This could be exploited to bypass authentication and execute code, thereby allowing an attacker to elevate their privileges.
Recommendations For CUPS, update to a version that includes the fix for this issue. For macOS Monterey, update to version 12.3 or later. For macOS Big Sur, update to version 11.6.5 or later. For macOS Catalina, apply Security Update 2022-003 or later.

Fix

Improper Privilege Management

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-697CWE-269CWE-288

Related Identifiers

ALT-PU-2022-2348
ALT-PU-2022-2414
ALT-PU-2023-8509
AZL-37072
BDU:2022-04718
CESA-2022_5056
CVE-2022-26691
DLA-3029-1
DSA-5149-1
MGASA-2022-0392
OESA-2022-1708
OPENSUSE-SU-2022_1861-1
OPENSUSE-SU-2024:12122-1
RHSA-2022:4990
RHSA-2022:5054
RHSA-2022:5055
RHSA-2022:5056
RHSA-2022:5057
RHSA-2022_4990
RHSA-2022_5056
RLSA-2022:4990
RLSA-2022:5056
ROSA-SA-2024-2377
SUSE-SU-2022:1861-1
SUSE-SU-2022_1861-1
USN-5454-1
USN-5454-2

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu