CVE-2022-26691
MEDIUMCUPS < 2.4.2 - Privilege Escalation via Incorrect Comparison
Title source: llmDescription
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
References (9)
Core 9
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213183
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213184
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT213185
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5149
Third Party Advisory x_refsource_misc
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/
Patch, Third Party Advisory x_refsource_misc
https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/
Scores
CVSS v3
6.7
EPSS
0.0058
EPSS Percentile
42.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-697
Status
published
Products (10)
apple/cups
< 499.4
apple/mac_os_x
10.15.7 (14 CPE variants)
apple/mac_os_x
10.15 - 10.15.7
apple/macos
11.0 - 11.6.5
debian/debian_linux
9.0
debian/debian_linux
10.0
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
openprinting/cups
< 2.4.2
Published
May 26, 2022
Tracked Since
Feb 18, 2026