CVE-2022-28885 - OpenCVE

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
F-secure	Linux Security Atlant

Configuration 1 [-]

OR	cpe:2.3:a:f-secure:atlant:-:::::::*
	cpe:2.3:a:f-secure:linux_security:-::::::x64:

References

Link	Resource
https://www.withsecure.com/en/expertise/people	Vendor Advisory
https://www.withsecure.com/en/support/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-09-06T17:18:51

Updated: 2022-09-06T17:18:51

Reserved: 2022-04-08T00:00:00

Link: CVE-2022-28885

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-06T18:15:12.957

Modified: 2022-09-09T15:48:40.160

Link: CVE-2022-28885

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "F-Secure Linux Security 64 F-Secure Atlant", "vendor": "WithSecure ", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-06T17:18:51", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.withsecure.com/en/support/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.withsecure.com/en/expertise/people"}], "solutions": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with BaseGuard version 1.0.655 on 2022-08-31"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial-of-Service (DoS) Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2022-28885", "STATE": "PUBLIC", "TITLE": "Denial-of-Service (DoS) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure Linux Security 64 F-Secure Atlant", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "WithSecure "}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://www.withsecure.com/en/support/security-advisories", "refsource": "MISC", "url": "https://www.withsecure.com/en/support/security-advisories"}, {"name": "https://www.withsecure.com/en/expertise/people", "refsource": "MISC", "url": "https://www.withsecure.com/en/expertise/people"}]}, "solution": [{"lang": "en", "value": "FIX No User action is required. The required fix has been published through automatic update channel with BaseGuard version 1.0.655 on 2022-08-31"}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2022-28885", "datePublished": "2022-09-06T17:18:51", "dateReserved": "2022-04-08T00:00:00", "dateUpdated": "2022-09-06T17:18:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:atlant:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A8AF772-E3DC-4C9B-B3E8-81103D3B7BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:-:*:*:*:*:*:x64:*", "matchCriteriaId": "CFC28A07-0476-40F0-9698-58CBACA7D053", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en el componente fsicapd usado en los productos WithSecure por la que el servicio puede bloquearse mientras analiza la petici\u00f3n de escaneo.\n"}], "id": "CVE-2022-28885", "lastModified": "2022-09-09T15:48:40.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2022-09-06T18:15:12.957", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/expertise/people"}, {"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.withsecure.com/en/support/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}