CVE-2022-28878 - OpenCVE

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
F-secure	Linux Security 64 Internet Gatekeeper Elements Collaboration Protection Linux Security Elements Endpoint Protection Atlant Cloud Protection For Salesforce
Microsoft	Windows
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:f-secure:atlant:-:::::::*
	cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:::::::*
	cpe:2.3:a:f-secure:elements_collaboration_protection:-:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:-:::::-::
	cpe:2.3:a:f-secure:linux_security:-::::::x86:
	cpe:2.3:a:f-secure:linux_security_64:-:::::::*

References

Link	Resource
https://www.f-secure.com/en/business/support-and-downloads/security-advisories	Vendor Advisory
https://www.withsecure.com/en/support/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-07-22T15:29:00

Updated: 2022-07-22T15:29:00

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-28878

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-22T16:15:08.193

Modified: 2022-07-28T15:55:15.277

Link: CVE-2022-28878

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial-of-Service (DoS) Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T15:29:00", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "solutions": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial-of-Service (DoS) Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2022-28878", "STATE": "PUBLIC", "TITLE": "Denial-of-Service (DoS) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security 64 F-Secure Linux Security 32 F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection", "version": {"version_data": [{"version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial-of-Service (DoS) Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"name": "https://www.withsecure.com/en/support/security-advisories", "refsource": "MISC", "url": "https://www.withsecure.com/en/support/security-advisories"}]}, "solution": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-07-11_07"}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2022-28878", "datePublished": "2022-07-22T15:29:00", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2022-07-22T15:29:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "7098F9BA-B2C0-4310-96D5-D0134761F7A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:cloud_protection_for_salesforce:-:*:*:*:*:*:*:*", "matchCriteriaId": "F04F9410-836A-428B-9959-4662E79D963D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements_collaboration_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "D28AA80A-1FF6-4DD6-BCCB-C455C2BB5032", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:-:*:*", "matchCriteriaId": "716021F0-35B9-4567-838A-DAEC65A6601F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x86:*", "matchCriteriaId": "26113C91-7FD5-4C3B-84F7-6A986CA26461", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security_64:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5E48AF8-57C4-4DFB-9E64-E3B3352941E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio en F-Secure Atlant y en determinados productos WithSecure al escanear el archivo APK fuzzed es posible que pueda bloquear el motor de escaneo"}], "id": "CVE-2022-28878", "lastModified": "2022-07-28T15:55:15.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2022-07-22T16:15:08.193", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}