Vulnerabilities > CVE-2022-47529 - Unspecified vulnerability in RSA Netwitness 11.2.1.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt
- https://twitter.com/hyp3rlinx/status/1639335477839790105
- https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html
- https://seclists.org/fulldisclosure/2023/Mar/16
- https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935
- http://seclists.org/fulldisclosure/2023/Mar/26
- https://github.com/hyp3rlinx/CVE-2022-47529
- http://seclists.org/fulldisclosure/2024/Apr/17