CVE-2022-27608

EPSS 0.04%
Published 04.04.2022 20:15:10
Last modified 21.11.2024 06:56:01
Source psirt@forcepoint.com
Teams watchlist Login
Open Login

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Forcepoint ≫ One Endpoint SwPlatformwindows Version < 22.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.128

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P
psirt@forcepoint.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://help.forcepoint.com/security/CVE/CVE-2022-27608.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27608

EUVD