CVE-2022-23440

Summary

A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiEDRFortiEDR 5.0.2, 5.0.1, 5.0.0, 4.0.0affected

Weaknesses

  • Denial of service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References