ID

VAR-202204-0954


CVE

CVE-2022-23446


TITLE

Vulnerability in Fortinet FortiEDR

Trust: 0.8

sources: JVNDB: JVNDB-2022-009342

DESCRIPTION

An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive by changing its root directory access permission. Fortinet FortiEDR contains an unspecified vulnerability. It may result in a service operation interruption (DoS). Fortinet FortiEDR is an endpoint security solution built from the ground up by Fortinet Corporation in the United States. There is a denial of service vulnerability in Fortinet FortiEDR 5.0.3 and earlier versions. This vulnerability is caused by a resource management error.

Trust: 1.8

sources: NVD: CVE-2022-23446 // JVNDB: JVNDB-2022-009342 // VULHUB: VHN-412581 // VULMON: CVE-2022-23446

AFFECTED PRODUCTS

vendor: fortinet, model: fortiedr, scope: eq, version: 5.0.1

Trust: 1.0

vendor: fortinet, model: fortiedr, scope: eq, version: 5.0.0

Trust: 1.0

vendor: fortinet, model: fortiedr, scope: eq, version: 5.0.2

Trust: 1.0

vendor: fortinet, model: fortiedr, scope: eq, version: 4.0.0

Trust: 1.0

vendor: フォーティネット, model: fortiedr, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiedr, scope: lte, version: 5.0.3 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2022-009342 // NVD: CVE-2022-23446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23446
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2022-23446
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-23446
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-2431
value: MEDIUM

Trust: 0.6

VULHUB: VHN-412581
value: LOW

Trust: 0.1

VULMON: CVE-2022-23446
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-23446
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-412581
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-23446
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-009342
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-412581 // VULMON: CVE-2022-23446 // JVNDB: JVNDB-2022-009342 // CNNVD: CNNVD-202204-2431 // NVD: CVE-2022-23446 // NVD: CVE-2022-23446

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-009342 // NVD: CVE-2022-23446

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2431

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2431

PATCH

title: FG-IR-22-052, url: https://www.fortiguard.com/psirt/FG-IR-22-052

Trust: 0.8

title: Fortinet FortiEDR Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189248

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-23446 // JVNDB: JVNDB-2022-009342 // CNNVD: CNNVD-202204-2431

EXTERNAL IDS

db: NVD, id: CVE-2022-23446

Trust: 3.4

db: JVNDB, id: JVNDB-2022-009342

Trust: 0.8

db: CS-HELP, id: SB2022040528

Trust: 0.6

db: CNNVD, id: CNNVD-202204-2431

Trust: 0.6

db: CNVD, id: CNVD-2022-47984

Trust: 0.1

db: VULHUB, id: VHN-412581

Trust: 0.1

db: VULMON, id: CVE-2022-23446

Trust: 0.1

sources: VULHUB: VHN-412581 // VULMON: CVE-2022-23446 // JVNDB: JVNDB-2022-009342 // CNNVD: CNNVD-202204-2431 // NVD: CVE-2022-23446

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-22-052

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2022-23446

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-23446/

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2022040528

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-412581 // VULMON: CVE-2022-23446 // JVNDB: JVNDB-2022-009342 // CNNVD: CNNVD-202204-2431 // NVD: CVE-2022-23446

SOURCES

db: VULHUB, id: VHN-412581
db: VULMON, id: CVE-2022-23446
db: JVNDB, id: JVNDB-2022-009342
db: CNNVD, id: CNNVD-202204-2431
db: NVD, id: CVE-2022-23446

LAST UPDATE DATE

2024-11-23T21:32:35.420000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-412581, date: 2022-04-13T00:00:00
db: VULMON, id: CVE-2022-23446, date: 2022-04-13T00:00:00
db: JVNDB, id: JVNDB-2022-009342, date: 2023-08-04T05:06:00
db: CNNVD, id: CNNVD-202204-2431, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2022-23446, date: 2024-11-21T06:48:34.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-412581, date: 2022-04-06T00:00:00
db: VULMON, id: CVE-2022-23446, date: 2022-04-06T00:00:00
db: JVNDB, id: JVNDB-2022-009342, date: 2023-08-04T00:00:00
db: CNNVD, id: CNNVD-202204-2431, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2022-23446, date: 2022-04-06T09:15:08.550