CVE-2022-36174

Опубликовано: 12 сент. 2022

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

Ссылки

https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
Release Notes
Vendor Advisory
https://public-exposure.inform.social/post/integrity-checking/
Exploit
Third Party Advisory
https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
Release Notes
Vendor Advisory
https://public-exposure.inform.social/post/integrity-checking/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*

Версия до 2.11.0 (исключая)

cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*

Версия до 3.3.0 (исключая)

cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*

Версия до 4.2.0 (исключая)

EPSS

Процентиль: 41%

0.00191

Низкий

8.1 High

CVSS3

Дефекты

CWE-354

Связанные уязвимости

GHSA-xm2c-q8p4-pp7f