CVE-2023-44248

Published: Nov 14, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.

Affected (3)

Products: Fortinet: Fortiedr

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiedr	From 5.0.3 to 5.0.3.1007
Fortinet Fortiedr	From 5.2.0 to 5.2.0.4549
Fortinet Fortiedr	Version 4.0.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://fortiguard.com/psirt/FG-IR-23-306

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-306

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.