CVE-2022-39949

Summary

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiEDRFortiEDR CollectorWindows 4.0.0  through 4.1, 5.0.0 through 5.0.3.751, 5.1.0affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References