CVE-2022-31215

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
goverlanclient_agent
𝑥
< 10.1.11
goverlanreach_console
𝑥
< 10.5.1
goverlanreach_server
𝑥
< 3.70.1
𝑥
= Vulnerable software versions
References
https://goverlan.com
https://www.goverlan.com/knowledge/article/security-advisory-govsa-2022-0506-1-disable-windows-firewall/
https://goverlan.com
https://www.goverlan.com/knowledge/article/security-advisory-govsa-2022-0506-1-disable-windows-firewall/