CVE-2022-28877 MEDIUM

CVE-2022-28877: Local Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products

Vendor F-Secure And Withsecure
Product All F-Secure and WithSecure Endpoint Protection Products for Windows
Published July 21, 2022
Last update August 3, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.

Key dates

02Disclosure timeline

July 21, 2022 CVE published
August 3, 2024 Record updated