Search criteria
2 vulnerabilities found for All F-Secure and WithSecure Endpoint Protection Products for Windows by F-Secure and WithSecure
CVE-2022-28877 (GCVE-0-2022-28877)
Vulnerability from cvelistv5 – Published: 2022-07-21 15:32 – Updated: 2024-08-03 06:03
VLAI?
Title
Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
Summary
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
Severity ?
4.3 (Medium)
CWE
- Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection Products for Windows |
Affected:
All Version
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-21T15:32:45",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28877",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28877",
"datePublished": "2022-07-21T15:32:45",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28877 (GCVE-0-2022-28877)
Vulnerability from nvd – Published: 2022-07-21 15:32 – Updated: 2024-08-03 06:03
VLAI?
Title
Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
Summary
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
Severity ?
4.3 (Medium)
CWE
- Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure and WithSecure | All F-Secure and WithSecure Endpoint Protection Products for Windows |
Affected:
All Version
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:53.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"vendor": "F-Secure and WithSecure",
"versions": [
{
"status": "affected",
"version": "All Version "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-21T15:32:45",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2022-28877",
"STATE": "PUBLIC",
"TITLE": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All F-Secure and WithSecure Endpoint Protection Products for Windows",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All Version "
}
]
}
}
]
},
"vendor_name": "F-Secure and WithSecure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure \u0026 WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation Vulnerability in F-Secure \u0026 WithSecure Windows Endpoint Products"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.withsecure.com/en/support/security-advisories",
"refsource": "MISC",
"url": "https://www.withsecure.com/en/support/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2022-28877",
"datePublished": "2022-07-21T15:32:45",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-03T06:03:53.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}