CVE-2023-40418

An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2023/Oct/9	Mailing List Third Party Advisory
https://support.apple.com/en-us/HT213937	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:apple:watch_ultra:-:::::::*
	cpe:2.3:h:apple:watch_ultra_2:-:::::::*

History

12 Oct 2023, 02:16

Type	Values Removed	Values Added
References	~~(MISC) http://seclists.org/fulldisclosure/2023/Oct/9 -~~	(MISC) http://seclists.org/fulldisclosure/2023/Oct/9 - Mailing List, Third Party Advisory

03 Oct 2023, 06:15

Type	Values Removed	Values Added
References		(MISC) http://seclists.org/fulldisclosure/2023/Oct/9 -

28 Sep 2023, 17:38

Type	Values Removed	Values Added
References	~~(MISC) https://support.apple.com/en-us/HT213937 -~~	(MISC) https://support.apple.com/en-us/HT213937 - Release Notes, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Apple watch Ultra Apple watch Ultra 2 Apple watchos Apple
CPE		cpe:2.3:o:apple:watchos:::::::: cpe:2.3:h:apple:watch_ultra_2:-:::::::* cpe:2.3:h:apple:watch_ultra:-:::::::*
CWE		NVD-CWE-noinfo

27 Sep 2023, 15:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2023-12-10 15:14

NVD link : CVE-2023-40418

Mitre link : CVE-2023-40418

CVE.ORG link : CVE-2023-40418

JSON object : View

Products Affected

apple

watchos
watch_ultra_2
watch_ultra

CWE

NVD-CWE-noinfo

5.5 /10