Lucene search

F-SecureUSCVE-2022-28880

HistoryAug 05, 2022 - 5:15 p.m.

CVE-2022-28880

2022-08-0517:15:08

F-SecureUS

web.nvd.nist.gov

cve-2022-28880

denial of service

dos vulnerability

f-secure atlant

withsecure

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Affected configurations

Nvd

Node

f-secureelements_endpoint_detection_and_response

f-secureelements_endpoint_protection

AND

applemacosMatch-

microsoftwindowsMatch-

Node

f-secureatlant

f-securecloud_protection_for_salesforce

f-secureelements_collaboration_protection

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

VendorProductVersionCPE
f-secureelements_endpoint_detection_and_response*cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*
f-secureelements_endpoint_protection*cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
f-secureatlant*cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
f-securecloud_protection_for_salesforce*cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*
f-secureelements_collaboration_protection*cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*
f-secureinternet_gatekeeper*cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
f-securelinux_security*cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
f-securelinux_security_64*cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f-secure	elements_endpoint_detection_and_response	*	cpe:2.3:a:f-secure:elements_endpoint_detection_and_response::::::::
f-secure	elements_endpoint_protection	*	cpe:2.3:a:f-secure:elements_endpoint_protection::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
f-secure	atlant	*	cpe:2.3:a:f-secure:atlant::::::::
f-secure	cloud_protection_for_salesforce	*	cpe:2.3:a:f-secure:cloud_protection_for_salesforce::::::::
f-secure	elements_collaboration_protection	*	cpe:2.3:a:f-secure:elements_collaboration_protection::::::::
f-secure	internet_gatekeeper	*	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
f-secure	linux_security	*	cpe:2.3:a:f-secure:linux_security:::::::x86:*
f-secure	linux_security_64	*	cpe:2.3:a:f-secure:linux_security_64::::::::

CNA Affected

[
  {
    "product": "All F-Secure and WithSecure Endpoint Protection products for Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
    "vendor": "F-Secure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame

www.withsecure.com/en/expertise/people

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2022-28880