CVE-2022-47529 — MEDIUM (6.7)

Q: How severe is CVE-2022-47529?

CVE-2022-47529 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-47529?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Netwitness.

Vulnerability Description

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rsa	Netwitness	< 12.2

References

http://seclists.org/fulldisclosure/2023/Mar/26ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Apr/17
https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwPermissions Required
https://github.com/hyp3rlinx/CVE-2022-47529
https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_AExploitThird Party Advisory
https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-1ExploitThird Party AdvisoryVDB Entry
https://seclists.org/fulldisclosure/2023/Mar/16Mailing ListThird Party Advisory
https://twitter.com/hyp3rlinx/status/1639335477839790105Third Party Advisory
http://seclists.org/fulldisclosure/2023/Mar/26ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2024/Apr/17
https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwPermissions Required
https://github.com/hyp3rlinx/CVE-2022-47529
https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_AExploitThird Party Advisory
https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-1ExploitThird Party AdvisoryVDB Entry
https://seclists.org/fulldisclosure/2023/Mar/16Mailing ListThird Party Advisory

FAQ

What is CVE-2022-47529?

CVE-2022-47529 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to eithe...

How severe is CVE-2022-47529?

CVE-2022-47529 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-47529?

Check the references section above for vendor advisories and patch information. Affected products include: Rsa Netwitness.