CVE-2022-23446

EUVD-2022-28521
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
fortinetCNA
4.4 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
fortinetfortiedr
4.0.0
fortinetfortiedr
5.0.0
fortinetfortiedr
5.0.1
fortinetfortiedr
5.0.2
𝑥
= Vulnerable software versions
References
https://fortiguard.com/psirt/FG-IR-22-052
https://fortiguard.com/psirt/FG-IR-22-052