{"api_version":"1","generated_at":"2026-04-23T04:21:55+00:00","cve":"CVE-2022-22652","urls":{"html":"https://cve.report/CVE-2022-22652","api":"https://cve.report/api/cve/CVE-2022-22652.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22652","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22652"},"summary":{"title":"CVE-2022-22652","description":"The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2022-03-18 18:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-306"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT213182","name":"https://support.apple.com/en-us/HT213182","refsource":"MISC","tags":[],"title":"About the security content of iOS 15.4 and iPadOS 15.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22652","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22652","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22652","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22652","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-22652","qid":"610404","title":"Apple iOS 15.4 and iPadOS 15.4 Security Update Missing"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-22652","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"15.4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"A person with physical access may be able to view and modify the carrier account information and settings from the lock screen"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT213182","name":"https://support.apple.com/en-us/HT213182"}]},"description":{"description_data":[{"lang":"eng","value":"The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen."}]}},"nvd":{"publishedDate":"2022-03-18 18:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-306"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"15.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"15.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22652","Ordinal":"225012","Title":"CVE-2022-22652","CVE":"CVE-2022-22652","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22652","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}