CVE-2022-28887 - OpenCVE

Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Macos
F-secure	Atlant Elements Endpoint Detection And Response Elements Endpoint Protection Internet Gatekeeper Linux Security Linux Security 64
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:::::::*
	cpe:2.3:a:f-secure:elements_endpoint_protection:-:::::::*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:f-secure:atlant:-:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:-:::::-::
	cpe:2.3:a:f-secure:linux_security:-::::::x86:
	cpe:2.3:a:f-secure:linux_security_64:-:::::::*

No data.

References

Link	Providers
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
https://www.withsecure.com/en/support/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-10-12T00:00:00

Updated: 2024-08-03T06:10:56.799Z

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-28887

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-12T18:15:09.417

Modified: 2022-10-14T20:25:20.093

Link: CVE-2022-28887

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-28887", "assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "dateUpdated": "2024-08-03T06:10:56.799Z", "dateReserved": "2022-04-08T00:00:00", "datePublished": "2022-10-12T00:00:00"}, "containers": {"cna": {"title": "Multiple Denial of Service Vulnerability", "providerMetadata": {"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS", "dateUpdated": "2022-10-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."}], "affected": [{"vendor": "F-Secure and WithSecure", "product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper", "versions": [{"version": "All Version ", "status": "affected"}]}], "references": [{"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"url": "https://www.withsecure.com/en/support/security-advisories"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Multiple Denial-of-Service (DoS) vulnerability"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-09-26_09"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:56.799Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "tags": ["x_transferred"]}, {"url": "https://www.withsecure.com/en/support/security-advisories", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:-:*:*:*:*:*:*:*", "matchCriteriaId": "27EDA251-BB9B-4394-B653-145603D0EEA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*", "matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*", "matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad m\u00faltiple de Denegaci\u00f3n de Servicio (DoS) en los productos F-Secure y WithSecure por la que la funci\u00f3n del administrador de desempaquetado aerdl.dll es bloqueada. Esto puede conllevar a un posible fallo del motor de escaneo"}], "id": "CVE-2022-28887", "lastModified": "2022-10-14T20:25:20.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2022-10-12T18:15:09.417", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}