cvelistv5 - CVE-2022-23446

CVE-2022-23446 (GCVE-0-2022-23446)

Vulnerability from cvelistv5

Published

2022-04-06 09:00

Modified

2024-10-22 20:59

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

Denial of service

Summary

References

URL

Tags

	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-22-052	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-22-052	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	Fortinet	Fortinet FortiEDR	Version: FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:43:45.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-052"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:42.987818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:59:46.351Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiEDR",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-06T09:00:17",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-22-052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-23446",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiEDR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-052",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-22-052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-23446",
    "datePublished": "2022-04-06T09:00:17",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-10-22T20:59:46.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23446\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2022-04-06T09:15:08.550\",\"lastModified\":\"2024-11-21T06:48:34.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.\"},{\"lang\":\"es\",\"value\":\"Un control inapropiado de un recurso a lo largo de su vida en Fortinet FortiEDR versiones 5.0.3 y anteriores, permite a un atacante hacer que toda la aplicaci\u00f3n no responda por medio de cambiar su permiso de acceso al directorio root\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41956307-6575-410D-8F95-C9F0EB3540E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiedr:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AEF3519-19B6-4A6C-AEC2-B5DE4DAEF41B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiedr:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF807BAA-4DF4-4E6E-8053-F026C3B8DCB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortiedr:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4B10B6-8623-48B1-878E-F7DA0ED464FF\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-052\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://fortiguard.com/psirt/FG-IR-22-052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-052\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:43:45.885Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-23446\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T20:19:42.987818Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T20:21:58.933Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C\", \"temporalScore\": 4, \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"OFFICIAL_FIX\", \"reportConfidence\": \"CONFIRMED\", \"temporalSeverity\": \"MEDIUM\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"exploitCodeMaturity\": \"PROOF_OF_CONCEPT\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Fortinet\", \"product\": \"Fortinet FortiEDR\", \"versions\": [{\"status\": \"affected\", \"version\": \"FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0\"}]}], \"references\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-052\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Denial of service\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2022-04-06T09:00:17\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"Unchanged\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"Local\", \"baseSeverity\": \"Medium\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C\", \"integrityImpact\": \"None\", \"userInteraction\": \"None\", \"attackComplexity\": \"Low\", \"availabilityImpact\": \"High\", \"privilegesRequired\": \"High\", \"confidentialityImpact\": \"None\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0\"}]}, \"product_name\": \"Fortinet FortiEDR\"}]}, \"vendor_name\": \"Fortinet\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://fortiguard.com/psirt/FG-IR-22-052\", \"name\": \"https://fortiguard.com/psirt/FG-IR-22-052\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Denial of service\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-23446\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@fortinet.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-23446\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-22T20:59:46.351Z\", \"dateReserved\": \"2022-01-19T00:00:00\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2022-04-06T09:00:17\", \"assignerShortName\": \"fortinet\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2022-47984

Vulnerability from cnvd

Title

Fortinet FortiEDR拒绝服务漏洞

Description

Fortinet FortiEDR是美国Fortinet公司的一个从头开始构建的端点安全解决方案。 Fortinet FortiEDR 5.0.3及之前版本存在拒绝服务漏洞，该漏洞源于资源管理错误，攻击者可利用该漏洞通过更改其根目录访问权限使整个应用程序无响应。

Severity

低

Patch Name

Fortinet FortiEDR拒绝服务漏洞的补丁

Patch Description

Fortinet FortiEDR是美国Fortinet公司的一个从头开始构建的端点安全解决方案。 Fortinet FortiEDR 5.0.3及之前版本存在拒绝服务漏洞，该漏洞源于资源管理错误，攻击者可利用该漏洞通过更改其根目录访问权限使整个应用程序无响应。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.fortiguard.com/psirt/FG-IR-22-052

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23446

Impacted products

Name
Fortinet FortiEDR <=5.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23446",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-23446"
    }
  },
  "description": "Fortinet FortiEDR\u662f\u7f8e\u56fdFortinet\u516c\u53f8\u7684\u4e00\u4e2a\u4ece\u5934\u5f00\u59cb\u6784\u5efa\u7684\u7aef\u70b9\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\n\nFortinet FortiEDR 5.0.3\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u66f4\u6539\u5176\u6839\u76ee\u5f55\u8bbf\u95ee\u6743\u9650\u4f7f\u6574\u4e2a\u5e94\u7528\u7a0b\u5e8f\u65e0\u54cd\u5e94\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.fortiguard.com/psirt/FG-IR-22-052",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-47984",
  "openTime": "2022-06-28",
  "patchDescription": "Fortinet FortiEDR\u662f\u7f8e\u56fdFortinet\u516c\u53f8\u7684\u4e00\u4e2a\u4ece\u5934\u5f00\u59cb\u6784\u5efa\u7684\u7aef\u70b9\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFortinet FortiEDR 5.0.3\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u66f4\u6539\u5176\u6839\u76ee\u5f55\u8bbf\u95ee\u6743\u9650\u4f7f\u6574\u4e2a\u5e94\u7528\u7a0b\u5e8f\u65e0\u54cd\u5e94\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiEDR\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiEDR \u003c=5.0.3"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23446",
  "serverity": "\u4f4e",
  "submitTime": "2022-04-08",
  "title": "Fortinet FortiEDR\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

ghsa-r8jj-pf8x-383m

Vulnerability from github

Published

2022-04-07 00:00

Modified

2022-04-14 00:00

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-23446"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-06T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.",
  "id": "GHSA-r8jj-pf8x-383m",
  "modified": "2022-04-14T00:00:30Z",
  "published": "2022-04-07T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23446"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-22-052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClient pour Linux et Windows versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiEDR versions antérieures à 5.0.3
Fortinet	FortiClient	FortiClient pour Linux et Windows versions 7.x antérieures à 7.0.3
Fortinet	FortiWAN	FortiWAN versions antérieures à 4.5.9
Fortinet	N/A	FortiWLC versions antérieures à 8.6.3
Fortinet	N/A	FortiEDR Collector versions antérieures à 5.0.3 b0508

References

Title

Publication Time

var-202204-0954

Vulnerability from variot

A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission. Fortinet FortiEDR Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet Corporation in the United States. There is a denial of service vulnerability in Fortinet FortiEDR 5.0.3 and earlier versions. This vulnerability is caused by a resource management error

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0954",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiedr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortiedr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortiedr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortiedr",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortiedr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiedr",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.0.3  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "cve": "CVE-2022-23446",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-23446",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-412581",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.8,
            "id": "CVE-2022-23446",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-009342",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-23446",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-23446",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-23446",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-2431",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-412581",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-23446",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission. Fortinet FortiEDR Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet Corporation in the United States. There is a denial of service vulnerability in Fortinet FortiEDR 5.0.3 and earlier versions. This vulnerability is caused by a resource management error",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-23446",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040528",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-47984",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-412581",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "id": "VAR-202204-0954",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:32:35.420000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-052",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/FG-IR-22-052"
      },
      {
        "title": "Fortinet FortiEDR Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189248"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/AlphabugX/CVE-2022-RCE "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-22-052"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23446"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-23446/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040528"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "date": "2022-04-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "date": "2023-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "date": "2022-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "date": "2022-04-06T09:15:08.550000",
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-412581"
      },
      {
        "date": "2022-04-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23446"
      },
      {
        "date": "2023-08-04T05:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      },
      {
        "date": "2022-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      },
      {
        "date": "2024-11-21T06:48:34.237000",
        "db": "NVD",
        "id": "CVE-2022-23446"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet\u00a0FortiEDR\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-009342"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-2431"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2022-23446

Vulnerability from fkie_nvd

Published

2022-04-06 09:15

Modified

2024-11-21 06:48

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@fortinet.com	https://fortiguard.com/psirt/FG-IR-22-052	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.com/psirt/FG-IR-22-052	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	fortiedr	4.0.0
fortinet	fortiedr	5.0.0
fortinet	fortiedr	5.0.1
fortinet	fortiedr	5.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41956307-6575-410D-8F95-C9F0EB3540E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiedr:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AEF3519-19B6-4A6C-AEC2-B5DE4DAEF41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiedr:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF807BAA-4DF4-4E6E-8053-F026C3B8DCB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortiedr:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4B10B6-8623-48B1-878E-F7DA0ED464FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission."
    },
    {
      "lang": "es",
      "value": "Un control inapropiado de un recurso a lo largo de su vida en Fortinet FortiEDR versiones 5.0.3 y anteriores, permite a un atacante hacer que toda la aplicaci\u00f3n no responda por medio de cambiar su permiso de acceso al directorio root"
    }
  ],
  "id": "CVE-2022-23446",
  "lastModified": "2024-11-21T06:48:34.237",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "psirt@fortinet.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-06T09:15:08.550",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-22-052"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2022-23446

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-23446

Aliases

CVE-2022-23446

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23446",
    "description": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.",
    "id": "GSD-2022-23446"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23446"
      ],
      "details": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.",
      "id": "GSD-2022-23446",
      "modified": "2023-12-13T01:19:35.386639Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@fortinet.com",
        "ID": "CVE-2022-23446",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortinet FortiEDR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Fortinet"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "Low",
          "attackVector": "Local",
          "availabilityImpact": "High",
          "baseScore": 4.0,
          "baseSeverity": "Medium",
          "confidentialityImpact": "None",
          "integrityImpact": "None",
          "privilegesRequired": "High",
          "scope": "Unchanged",
          "userInteraction": "None",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-052",
            "refsource": "CONFIRM",
            "url": "https://fortiguard.com/psirt/FG-IR-22-052"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiedr:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiedr:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiedr:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-23446"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-052",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://fortiguard.com/psirt/FG-IR-22-052"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-04-13T18:16Z",
      "publishedDate": "2022-04-06T09:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-23446 (GCVE-0-2022-23446)

Vulnerability from cvelistv5

cnvd-2022-47984

Vulnerability from cnvd

ghsa-r8jj-pf8x-383m

Vulnerability from github

CERTFR-2022-AVI-312

Vulnerability from certfr_avis

Solution

var-202204-0954

Vulnerability from variot

fkie_cve-2022-23446

Vulnerability from fkie_nvd

gsd-2022-23446

Vulnerability from gsd

Tags

Sightings

Nomenclature