CVE-2023-42938 : A logic issue was addressed with improved checks. This issue is fixed in iTunes

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.

Published 2024-03-14 19:15:49

Updated 2024-12-09 14:48:52

Source Apple Inc.

View at NVD, CVE.org

Products affected by CVE-2023-42938

Apple » Itunes » For Windows
Versions before (<) 12.13.1
cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42938

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42938

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-08-26
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-12-09
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2023-42938

https://support.apple.com/kb/HT214091

About the security content of iTunes 12.13.1 for Windows - Apple Support
Vendor Advisory
https://support.apple.com/en-us/HT214091

About the security content of iTunes 12.13.1 for Windows - Apple Support
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-42938

Products affected by CVE-2023-42938

Exploit prediction scoring system (EPSS) score for CVE-2023-42938

CVSS scores for CVE-2023-42938

References for CVE-2023-42938