CVE-2022-27608

EPSS 0.04%
Veröffentlicht 04.04.2022 20:15:10
Zuletzt bearbeitet 21.11.2024 06:56:01
Quelle psirt@forcepoint.com
Teams Watchlist Login
Unerledigt Login

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Forcepoint ≫ One Endpoint SwPlatformwindows Version < 22.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.128

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:N/I:P/A:P
psirt@forcepoint.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://help.forcepoint.com/security/CVE/CVE-2022-27608.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27608

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27608

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27608

EUVD