Headline
CVE-2022-47529
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
Related news
Trojan.Win32.Razy.abc MVID-2024-0678 Insecure Permissions
Trojan.Win32.Razy.abc malware suffers from an insecure permissions vulnerability.
RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution
RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.