Insecure Memory Object Vulnerability in RSA NetWitness Platform
CVE-2022-47529

6.7MEDIUM

Key Information:

Vendor: Rsa
Status: Netwitness
Vendor: CVE Published:; 28 March 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The RSA NetWitness Platform prior to version 12.2 contains a critical vulnerability due to insecure Win32 memory objects. This flaw allows local and administrative Windows users to alter the configuration of the endpoint agent service. As a result, they can completely disable the service or execute arbitrary code, enabling them to circumvent built-in tamper-protection mechanisms through modifications to Access Control Lists (ACLs). This vulnerability underscores the importance of proper access controls and highlights potential risks in endpoint security configurations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-47529
Created by hyp3rlinx

References

https://twitter.com/hyp3rlinx/status/1639335477839790105

https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNES...

https://packetstormsecurity.com/files/171476/RSA-NetWitne...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2023
🟡
Public PoC available
Mar 24, 2023
👾
Exploit known to exist
Mar 24, 2023
Vulnerability Reserved
Dec 19, 2022