
CVE-2022-47529

Published: 28/03/2023 Updated: 11/04/2024
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 0

Vulnerability Summary

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform prior to 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.


rsa netwitness

Exploits

RSA NetWitness Endpoint EDR Agent version 12x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands ...
TrojanWin32Razyabc malware suffers from an insecure permissions vulnerability ...

Mailing Lists

Full Disclosure mailing list archives: TrojanWin32Razyabc / Insecure Permissions (In memory IPC) ...

Github Repositories

RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution

CVE-2022-47529: RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution. During a security audit of the EDR agent I discovered a novel vector to tamper with the service with only standard user rights by targeting an insecure Win32 memory event object. Hijacking the service config can also be done if running the exploit as admin. CVE-2022-47529 allows local u