CVE-2023-44248: Fortiguard

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and 4.0 (all versions) may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service.

**PSIRT Advisories**

FortiEDRCollector (Windows) - Protection may be disabled by local attacker

Summary

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service.

Affected Products

FortiEDRCollectorWindows version 5.2.0.4549 and below
FortiEDRCollectorWindows 5.0.3.1007 and below
FortiEDRCollectorWindows 4.0 all versions

Solutions

Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above
Please upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above
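
To triage an endpoint inventory against the affected and fixed versions listed above, the following added example (not part of the Fortinet advisory) classifies collector version strings. It assumes four-part version strings and that "X and below" covers earlier builds of the same major.minor branch; the hostnames and sample versions are constructed.

```python
import re

# major.minor branch -> (last affected version, first fixed version), from the advisory.
# Assumption: "X and below" covers earlier builds of the same major.minor branch.
BRANCHES = {
    (5, 2): ((5, 2, 0, 4549), (5, 2, 0, 4581)),
    (5, 0): ((5, 0, 3, 1007), (5, 0, 3, 1016)),
}

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one collector version."""
    v = parse_version(text)
    if v[:2] == (4, 0):
        return "affected"   # 4.0: all versions affected, no fixed build listed
    if v[:2] not in BRANCHES:
        return "unlisted"   # branch not mentioned in the advisory
    last_affected, first_fixed = BRANCHES[v[:2]]
    if v <= last_affected:
        return "affected"
    if v >= first_fixed:
        return "fixed"
    return "unlisted"       # build between the two versions the advisory names

def triage(inventory):
    """Map host -> status; unparsable versions are reported, never dropped."""
    report = {}
    for host, version in inventory:
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hostnames and versions made up for illustration).
SAMPLE = [
    ("ws-001", "5.2.0.4549"), ("ws-002", "5.2.0.4581"),
    ("ws-003", "5.0.3.1007"), ("ws-004", "5.0.3.1016"),
    ("ws-005", "4.0.0.100"), ("ws-006", "5.2.0.4560"),
    ("ws-007", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "unparsed" need manual review, since the advisory does not state the status of builds between the last affected and first fixed versions.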

Timeline

2023-11-07: Initial publication
