Vulnerability Description
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Goverlan | Client Agent | < 10.1.11 |
| Goverlan | Reach Console | < 10.5.1 |
| Goverlan | Reach Server | < 3.70.1 |
References
- https://goverlan.com (Vendor Advisory)
- https://www.goverlan.com/knowledge/article/security-advisory-govsa-2022-0506-1-d (Exploit, Vendor Advisory)
FAQ
What is CVE-2022-31215?
CVE-2022-31215 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of...
How severe is CVE-2022-31215?
CVE-2022-31215 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-31215?
Check the references section above for vendor advisories and patch information. Affected products include: Goverlan Client Agent, Goverlan Reach Console, Goverlan Reach Server.