Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2023/Mar/26 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Apr/17 | |
https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935 | Permissions Required |
https://github.com/hyp3rlinx/CVE-2022-47529 | |
https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2023/Mar/16 | Mailing List Third Party Advisory |
https://twitter.com/hyp3rlinx/status/1639335477839790105 | Third Party Advisory |
Configurations
History
11 Apr 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Apr 2023, 16:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rsa:netwitness:*:*:*:*:*:*:*:* | |
References | (MISC) https://seclists.org/fulldisclosure/2023/Mar/16 - Mailing List, Third Party Advisory | |
References | (MISC) https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt - Exploit, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Mar/26 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://twitter.com/hyp3rlinx/status/1639335477839790105 - Third Party Advisory | |
References | (MISC) https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935 - Permissions Required | |
References | (MISC) https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
First Time |
Rsa netwitness
Rsa |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
31 Mar 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Mar 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-28 13:15
Updated : 2024-04-11 08:15
NVD link : CVE-2022-47529
Mitre link : CVE-2022-47529
CVE.ORG link : CVE-2022-47529
JSON object : View
Products Affected
rsa
- netwitness
CWE