CVE-2022-28877
Last modified
CVE-2022-28877 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | Elements Endpoint Protection | All versions |
References
- https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
- https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-28877?
How severe is CVE-2022-28877?
How do I fix CVE-2022-28877?
Are you affected by CVE-2022-28877?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST