CVE-2022-28877 - Vulnerability Details - OpenCVE

This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00187.

Key SSVC decision points have not yet been added.

Vendors	Products
F-secure	Elements Endpoint Protection
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-33314	This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.

Fixes

Solution

FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.withsecure.com/en/support/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-07-21T15:32:45

Updated: 2024-08-03T06:03:53.220Z

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-28877

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-21T16:15:09.030

Modified: 2024-11-21T06:58:07.100

Link: CVE-2022-28877

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "All F-Secure and WithSecure Endpoint Protection Products for Windows", "vendor": "F-Secure and WithSecure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-21T15:32:45", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "solutions": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"}], "source": {"discovery": "EXTERNAL"}, "title": "Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2022-28877", "STATE": "PUBLIC", "TITLE": "Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All F-Secure and WithSecure Endpoint Protection Products for Windows", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure and WithSecure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products"}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"name": "https://www.withsecure.com/en/support/security-advisories", "refsource": "MISC", "url": "https://www.withsecure.com/en/support/security-advisories"}]}, "solution": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with UlcoreWin database on 2022-07-19_01"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:03:53.220Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.withsecure.com/en/support/security-advisories"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2022-28877", "datePublished": "2022-07-21T15:32:45", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2024-08-03T06:03:53.220Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DFC1F94-8A8B-42E2-887B-EE8FB3C9130D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation."}, {"lang": "es", "value": "Esta vulnerabilidad permite al usuario local eliminar un archivo arbitrario en el sistema y omitir la protecci\u00f3n de seguridad que puede ser abusada para la escalada de privilegios locales en los productos de endpoint de F-Secure y WithSecure windows afectados. Un atacante debe tener derechos de ejecuci\u00f3n de c\u00f3digo en la m\u00e1quina v\u00edctima antes de la explotaci\u00f3n exitosa"}], "id": "CVE-2022-28877", "lastModified": "2024-11-21T06:58:07.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-21T16:15:09.030", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}