CVE-2022-39949

CWE-4044 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 85.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiedrFortinet Fortinet Fortiedr
Timeline
PublishedNov 2

Description

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortiedr4.0.04.1.0+2
CVEListV5fortinet/fortinet_fortiedrFortiEDR CollectorWindows 4.0.0  through 4.1, 5.0.0 through 5.0.3.751, 5.1.0

🔴Vulnerability Details

2
CVEList
CVE-2022-39949: An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 42022-11-02
GHSA
GHSA-gxmc-34w7-fv72: An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 42022-11-02

📋Vendor Advisories

1
Fortinet
An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 throug...2022-11-02
CVE-2022-39949 (MEDIUM CVSS 5.5) | An improper control of a resource t | cvebase.io