Lucene search

[email protected]CVE-2022-28877

HistoryJul 21, 2022 - 4:15 p.m.

CVE-2022-28877

2022-07-2116:15:09

[email protected]

web.nvd.nist.gov

cve-2022-28877

system security

local privilege escalation

code execution

file deletion

nvd

vulnerability

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

f-secureelements_endpoint_protection

CPENameOperatorVersion
f-secure:elements_endpoint_protectionf-secure elements endpoint protectioneq*

CPE	Name	Operator	Version
f-secure:elements_endpoint_protection	f-secure elements endpoint protection	eq	*

CNA Affected

[
  {
    "product": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
    "vendor": "F-Secure and WithSecure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.f-secure.com/en/business/support-and-downloads/security-advisories

www.withsecure.com/en/support/security-advisories

Social References

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-28877

cvelist1 prion1 nvd1