Lucene search

[email protected]CVE-2022-39949

HistoryNov 02, 2022 - 12:15 p.m.

CVE-2022-39949

2022-11-0212:15:55

[email protected]

web.nvd.nist.gov

cve-2022-39949

cwe-664

fortiedr

collectorwindows

edr protection

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.

Affected configurations

NVD

Node

fortinetfortiedrRange4.0.0–4.1.0

fortinetfortiedrRange5.0.0–5.0.3.751

fortinetfortiedrRange5.1.0–5.2.0.2288

AND

microsoftwindowsMatch-

CPENameOperatorVersion
fortinet:fortiedrfortinet fortiedrle4.1.0
fortinet:fortiedrfortinet fortiedrle5.0.3.751
fortinet:fortiedrfortinet fortiedrle5.2.0.2288

CPE	Name	Operator	Version
fortinet:fortiedr	fortinet fortiedr	le	4.1.0
fortinet:fortiedr	fortinet fortiedr	le	5.0.3.751
fortinet:fortiedr	fortinet fortiedr	le	5.2.0.2288

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiEDR",
    "versions": [
      {
        "version": "FortiEDR CollectorWindows 4.0.0  through 4.1, 5.0.0 through 5.0.3.751, 5.1.0",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-218

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-39949

nvd1 prion1 fortinet1 cvelist1