Lucene search

[email protected]CVE-2022-28881

HistoryAug 10, 2022 - 8:15 p.m.

CVE-2022-28881

2022-08-1020:15:32

[email protected]

web.nvd.nist.gov

cve-2022-28881

denial of service

dos

f-secure atlant

aerdl.dll

vulnerability

exploit

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

Affected configurations

NVD

Node

applemacosMatch-

microsoftwindowsMatch-

AND

f-secureelements_endpoint_detection_and_response

f-secureelements_endpoint_protection

Node

f-secureatlant

f-securecloud_protection_for_salesforce

f-secureelements_collaboration_protection

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

CPENameOperatorVersion
f-secure:elements_endpoint_detection_and_responsef-secure elements endpoint detection and responseeq*
f-secure:elements_endpoint_protectionf-secure elements endpoint protectioneq*

CPE	Name	Operator	Version
f-secure:elements_endpoint_detection_and_response	f-secure elements endpoint detection and response	eq	*
f-secure:elements_endpoint_protection	f-secure elements endpoint protection	eq	*

CNA Affected

[
  {
    "product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
    "vendor": "F-Secure and WithSecure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.f-secure.com/en/business/support-and-downloads/security-advisories

www.withsecure.com/en/support/security-advisories

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2022-28881

prion1 nvd1 cvelist1