FortiEDR - Hardcoded AES key enables disabling local Collector
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
Advisory ID: FG-IR-22-018
Status: Final
Version: 1 (current version)
Published: 2022-04-05
Updated: 2022-04-05
Summary: A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors may allow a local attacker to disable and uninstall the collectors from the endpoints within the same deployment. Because a hard-coded key is identical in every installed collector, recovering it from one endpoint yields the secret the registration mechanism relies on for every collector in that deployment, which is why the impact is not limited to the attacker's own host. Note that a disabled or uninstalled collector leaves the endpoint unmonitored, so unexpected collector removals on affected versions are worth treating as a detection signal, not only as an availability problem.
Impact: Denial of service
Affected products:
FortiEDR version 5.0.0 through 5.0.2
FortiEDR 4.0 all versions
Solution: Upgrade to FortiEDR version 5.0.3
Acknowledgement: Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.
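The following is an added illustration of the weakness class named in this advisory (CWE-321) in a generic endpoint-agent uninstall-authorization flow; it is not FortiEDR code and does not reproduce FortiEDR's real registration protocol. HMAC-SHA256 stands in for the AES-based check the advisory refers to, so that the example runs with the Python standard library alone; the flaw is the same, one secret baked into every shipped agent. The weak design is shown beside a hardened one that uses a per-deployment secret provisioned at enrollment, per-host derived keys and a single-use nonce. All names (HARDCODED_AGENT_KEY, Deployment, Agent, the host ids) are hypothetical and constructed for the example.

```python
"""CWE-321 (hard-coded key) in an agent uninstall-authorization flow.

Added example for this advisory, NOT FortiEDR code. Names and values are
constructed; HMAC-SHA256 stands in for the advisory's AES-based check.
"""
import hashlib
import hmac
import secrets

# ---------------------------------------------------------------------------
# Weak design: the key is a constant compiled into every copy of the agent.
# ---------------------------------------------------------------------------
HARDCODED_AGENT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed


def weak_uninstall_token(host_id: str) -> str:
    """Management side: authorize 'uninstall' on host_id with the shared key."""
    msg = f"uninstall:{host_id}".encode()
    return hmac.new(HARDCODED_AGENT_KEY, msg, hashlib.sha256).hexdigest()


def weak_agent_accepts(host_id: str, token: str) -> bool:
    """Agent side: same key, same computation, so whoever has the key is 'the server'."""
    return hmac.compare_digest(weak_uninstall_token(host_id), token)


def forge_from_binary_constants(host_id: str, nonce: str = "") -> str:
    """What a local attacker can do: read the constant out of the agent
    binary and mint a token for ANY host in the deployment, not just their own.
    With a nonce it emits the hardened format, to show that the format alone
    does not help when the attacker holds the key material."""
    key_recovered_from_binary = HARDCODED_AGENT_KEY
    msg = f"uninstall:{host_id}" + (f":{nonce}" if nonce else "")
    mac = hmac.new(key_recovered_from_binary, msg.encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}" if nonce else mac


# ---------------------------------------------------------------------------
# Hardened design: a random per-deployment secret generated at install time
# and kept on the management side only; per-host keys derived from it at
# enrollment; every authorization carries a single-use nonce.
# ---------------------------------------------------------------------------
class Deployment:
    """Management server. The deployment secret exists nowhere else."""

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)

    def enroll(self, host_id: str) -> bytes:
        # Handed to the agent once at registration and kept on the endpoint in
        # OS-protected storage readable by the agent service only (assumption).
        return hmac.new(self._secret, b"host:" + host_id.encode(), hashlib.sha256).digest()

    def uninstall_token(self, host_id: str) -> str:
        nonce = secrets.token_hex(16)
        msg = f"uninstall:{host_id}:{nonce}".encode()
        mac = hmac.new(self.enroll(host_id), msg, hashlib.sha256).hexdigest()
        return f"{nonce}.{mac}"


class Agent:
    """Endpoint collector. Knows only its own host key, so a key taken from one
    endpoint authorizes nothing on another."""

    def __init__(self, host_id: str, host_key: bytes) -> None:
        self.host_id = host_id
        self._host_key = host_key
        self._used_nonces = set()

    def accepts(self, token: str) -> bool:
        nonce, sep, mac = token.partition(".")
        if not sep or nonce in self._used_nonces:  # malformed or replayed
            return False
        msg = f"uninstall:{self.host_id}:{nonce}".encode()
        expected = hmac.new(self._host_key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False
        self._used_nonces.add(nonce)
        return True


def demo() -> dict:
    """Run the same attacker against both designs and return the outcomes."""
    target = "host-b"  # constructed id of a host other than the attacker's own
    results = {"weak_forged_accepted": weak_agent_accepts(target, forge_from_binary_constants(target))}
    dep = Deployment()
    victim = Agent(target, dep.enroll(target))
    results["hardened_forged_accepted"] = victim.accepts(forge_from_binary_constants(target, "0" * 32))
    genuine = dep.uninstall_token(target)
    results["hardened_genuine_accepted"] = victim.accepts(genuine)
    results["hardened_replay_accepted"] = victim.accepts(genuine)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The residual risk in the hardened variant is the protected storage of the per-host key: a local attacker who can read it (for example as local administrator) can still disable the agent on that one host, but not on any other host in the deployment, which is the property the advisory's "within the same deployment" wording is about. An asymmetric scheme, in which the management server signs authorizations and the agent embeds only the public key, removes even that residual risk; it is left out here only to stay within the standard library.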
Affected versions:
FortiEDR 5.0.2
FortiEDR 5.0.1
FortiEDR 5.0.0
FortiEDR 4.0.0
CVE ID: CVE-2022-23440
CVSSv3 score: 7.6 (temporal score; the base score of this vector is 7.8)
CVSSv3 vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-22-018