CVE-2023-44248 - Vulnerability Details - OpenCVE

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Key SSVC decision points have not yet been added.

Vendors	Products
Fortinet	Fortiedr

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortiedr::::::windows::*
	cpe:2.3:a:fortinet:fortiedr::::::windows::*
	cpe:2.3:a:fortinet:fortiedr:4.0.0:::::windows::

No data.

No data.

Fixes

Solution

Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above Please upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.com/psirt/FG-IR-23-306

History

No history.

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-11-14T18:05:53.643Z

Updated: 2024-08-30T18:11:55.384Z

Reserved: 2023-09-27T12:26:48.750Z

Link: CVE-2023-44248

Vulnrichment

Updated: 2024-08-02T19:59:51.928Z

NVD

Status : Modified

Published: 2023-11-14T18:15:54.470

Modified: 2024-11-21T08:25:30.957

Link: CVE-2023-44248

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44248", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2023-09-27T12:26:48.750Z", "datePublished": "2023-11-14T18:05:53.643Z", "dateUpdated": "2024-08-30T18:11:55.384Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiEDR", "defaultStatus": "unaffected", "versions": [{"version": "5.0.3", "status": "affected"}, {"versionType": "semver", "version": "5.0.0", "lessThanOrEqual": "5.0.1", "status": "affected"}, {"version": "4.0.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability [CWE-284] in\u00a0FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:05:53.643Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "Denial of service", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above\nPlease upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above\n"}], "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-306", "url": "https://fortiguard.com/psirt/FG-IR-23-306"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.928Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.com/psirt/FG-IR-23-306", "url": "https://fortiguard.com/psirt/FG-IR-23-306", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T18:11:43.737058Z", "id": "CVE-2023-44248", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:11:55.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-306", "name": "https://fortiguard.com/psirt/FG-IR-23-306", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.928Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T18:11:43.737058Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:11:49.977Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:X/RC:R", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiEDR", "versions": [{"status": "affected", "version": "5.0.3"}, {"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.1"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above\nPlease upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above\n"}], "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-306", "name": "https://fortiguard.com/psirt/FG-IR-23-306"}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability [CWE-284] in\u00a0FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Denial of service"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2023-11-14T18:05:53.643Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44248", "state": "PUBLISHED", "dateUpdated": "2024-08-30T18:11:55.384Z", "dateReserved": "2023-09-27T12:26:48.750Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2023-11-14T18:05:53.643Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiedr:*:*:*:*:*:windows:*:*", "matchCriteriaId": "1A10D784-1ED4-46CC-AEB0-F006F8B0E16E", "versionEndIncluding": "5.0.3.1007", "versionStartIncluding": "5.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiedr:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2AF2B177-B287-4C8F-B1F4-42D3051D5EC7", "versionEndIncluding": "5.2.0.4549", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "895977DC-C7C4-422F-BCAC-B2B46582A912", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability [CWE-284] in\u00a0FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso inadecuado [CWE-284] en FortiEDRCollectorWindows versi\u00f3n 5.2.0.4549 y anteriores, 5.0.3.1007 y anteriores, 4.0 puede permitir que un atacante local impida que el servicio recopilador se inicie en el siguiente reinicio del sistema alterando algunas claves de registro del servicio."}], "id": "CVE-2023-44248", "lastModified": "2024-11-21T08:25:30.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T18:15:54.470", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.com/psirt/FG-IR-23-306"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}