We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-23440



Assignerfortinet
Reserved2022-01-19
Published2022-04-06
Updated2024-10-25

Description

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.



HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C

Product status

FortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0
affected

References

https://fortiguard.com/psirt/FG-IR-22-018

cve.org CVE-2022-23440

nvd.nist.gov CVE-2022-23440

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.