CVE-2022-47529

Published on: Not Yet Published

Last Modified on: 04/13/2023 07:15:00 AM UTC

CVE-2022-47529

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Certain versions of Netwitness from Rsa contain the following vulnerability:

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

CVE-2022-47529 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.7 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	HIGH	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
	hyp3rlinx.altervista.org text/x-c	MISC hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt
RSA SecurID PASSCODE Request	community.netwitness.com text/html	MISC community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935
GitHub - hyp3rlinx/CVE-2022-47529: RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution	github.com text/html	MISC github.com/hyp3rlinx/CVE-2022-47529
Full Disclosure: RSA NetWitness Platform EDR / Incorrect Access Control - Code Execution	seclists.org text/html	MISC seclists.org/fulldisclosure/2023/Mar/16
RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html
Full Disclosure: RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529	seclists.org text/html	FULLDISC 20230330 RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529
JavaScript is not available.	nitter.domain.glass text/html	MISC twitter.com/hyp3rlinx/status/1639335477839790105

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Exploit/POC from Github

RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rsa	Netwitness	All	All	All	All

cpe:2.3:a:rsa:netwitness:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@hyp3rlinx	RSA NetWitness Platform EDR Agent / Incorrect Access Control - Code Execution CVE-2022-47529 hyp3rlinx.altervista.org/advisories/RSA…	2023-03-24 18:36:49
@CVEreport	CVE-2022-47529 : Insecure Win32 memory objects in Endpoint #Windows Agents in RSA NetWitness Platform before 12.2 a… twitter.com/i/web/status/1…	2023-03-28 13:05:11
/r/netcve	CVE-2022-47529	2023-03-28 13:38:46