CVE-2022-23440

7.8HIGH

Key Information:

Vendor
Fortinet
Status
Fortinet Fortiedr
Vendor
CVE Published:
6 April 2022

Summary

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.

Affected Version(s)

Fortinet FortiEDR FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0

References

https://fortiguard.com/psirt/FG-IR-22-018
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.