CVE-2023-44248

CWE-284Improper Access Control4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet Fortiedr CollectorwindowsFortinet Fortiedr
Timeline
PublishedNov 14

Description

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5fortinet/fortiedr_collectorwindows5.0.05.0.2
NVDfortinet/fortiedr5.0.35.0.3.1007+2

🔴Vulnerability Details

2
GHSA
GHSA-8q65-4j4c-59vh: An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 52023-11-14
CVEList
CVE-2023-44248: An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 52023-11-14

📋Vendor Advisories

1
Fortinet
An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007...2023-11-14
CVE-2023-44248 (MEDIUM CVSS 5.5) | An improper access control vulnerab | cvebase.io