QwikSec

Security Database

CVE

CWE

Training

CVE-2022-47529

Published: Mar 28, 2023

Modified: Aug 3, 2024

PUBLISHED

Description

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://twitter.com/hyp3rlinx/status/1639335477839790105

https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt

https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html

https://seclists.org/fulldisclosure/2023/Mar/16

https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935

20230330 RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529

mailing-list

https://github.com/hyp3rlinx/CVE-2022-47529

20240410 Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.