Lucene search

F-SecureUSCVE-2022-28883

HistoryAug 23, 2022 - 4:15 p.m.

CVE-2022-28883

2022-08-2316:15:10

F-SecureUS

web.nvd.nist.gov

cve-2022-28883

denial of service

dos

vulnerability

f-secure

withsecure

remote exploit

scanning engine crash

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.

Affected configurations

Nvd

Node

f-secureelements_endpoint_protection

AND

applemacosMatch-

microsoftwindowsMatch-

Node

f-secureatlant

f-securecloud_protection_for_salesforce

f-secureelements_collaboration_protection

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

VendorProductVersionCPE
f-secureelements_endpoint_protection*cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
f-secureatlant*cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
f-securecloud_protection_for_salesforce*cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*
f-secureelements_collaboration_protection*cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*
f-secureinternet_gatekeeper*cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
f-securelinux_security*cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
f-securelinux_security_64*cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f-secure	elements_endpoint_protection	*	cpe:2.3:a:f-secure:elements_endpoint_protection::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
f-secure	atlant	*	cpe:2.3:a:f-secure:atlant::::::::
f-secure	cloud_protection_for_salesforce	*	cpe:2.3:a:f-secure:cloud_protection_for_salesforce::::::::
f-secure	elements_collaboration_protection	*	cpe:2.3:a:f-secure:elements_collaboration_protection::::::::
f-secure	internet_gatekeeper	*	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
f-secure	linux_security	*	cpe:2.3:a:f-secure:linux_security:::::::x86:*
f-secure	linux_security_64	*	cpe:2.3:a:f-secure:linux_security_64::::::::

CNA Affected

[
  {
    "product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
    "vendor": "F-Secure and WithSecure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.withsecure.com/en/support/security-advisories

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for CVE-2022-28883