Lucene search

K

[email protected]NVD:CVE-2022-47529

HistoryMar 28, 2023 - 1:15 p.m.

CVE-2022-47529

2023-03-2813:15:07

[email protected]

web.nvd.nist.gov

insecure win32 memory objects

endpoint windows agents

rsa netwitness platform

local user accounts

admin user accounts

modify service configuration

tamper-protection features

acl modification

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

20.5%

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

Affected configurations

NVD

Node

rsanetwitnessRange<12.2

References

seclists.org/fulldisclosure/2023/Mar/26

seclists.org/fulldisclosure/2024/Apr/17

community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935

github.com/hyp3rlinx/CVE-2022-47529

hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt

packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html

seclists.org/fulldisclosure/2023/Mar/16

twitter.com/hyp3rlinx/status/1639335477839790105

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

20.5%

Related for NVD:CVE-2022-47529

prion1 cvelist1 cve1 githubexploit1 zdt1 packetstorm2 exploitdb1