Lucene search

[email protected]NVD:CVE-2022-28880

HistoryAug 05, 2022 - 5:15 p.m.

CVE-2022-28880

2022-08-0517:15:08

[email protected]

web.nvd.nist.gov

denial-of-service

f-secure

pe32-bit

remote exploit

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.7%

JSON

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Affected configurations

Nvd

Node

f-secureelements_endpoint_detection_and_response

f-secureelements_endpoint_protection

AND

applemacosMatch-

microsoftwindowsMatch-

Node

f-secureatlant

f-securecloud_protection_for_salesforce

f-secureelements_collaboration_protection

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

VendorProductVersionCPE
f-secureelements_endpoint_detection_and_response*cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*
f-secureelements_endpoint_protection*cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
f-secureatlant*cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
f-securecloud_protection_for_salesforce*cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*
f-secureelements_collaboration_protection*cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*
f-secureinternet_gatekeeper*cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
f-securelinux_security*cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
f-securelinux_security_64*cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f-secure	elements_endpoint_detection_and_response	*	cpe:2.3:a:f-secure:elements_endpoint_detection_and_response::::::::
f-secure	elements_endpoint_protection	*	cpe:2.3:a:f-secure:elements_endpoint_protection::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
f-secure	atlant	*	cpe:2.3:a:f-secure:atlant::::::::
f-secure	cloud_protection_for_salesforce	*	cpe:2.3:a:f-secure:cloud_protection_for_salesforce::::::::
f-secure	elements_collaboration_protection	*	cpe:2.3:a:f-secure:elements_collaboration_protection::::::::
f-secure	internet_gatekeeper	*	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
f-secure	linux_security	*	cpe:2.3:a:f-secure:linux_security:::::::x86:*
f-secure	linux_security_64	*	cpe:2.3:a:f-secure:linux_security_64::::::::

References

www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fame

www.withsecure.com/en/expertise/people

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2022-28880

cvelist1 prion1 cve1