cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-39949,https://securityvulnerability.io/vulnerability/CVE-2022-39949,Improper Resource Control Vulnerability in FortiEDR Collector,"An improper control of a resource through its lifetime in FortiEDR Collector versions may allow a privileged user to exploit this vulnerability. By using specialized tools, the user could terminate FortiEDR processes, effectively circumventing the intended EDR protection mechanisms. This vulnerability poses a significant risk as it enables a malicious actor with sufficient access to undermine security measures put in place to monitor and protect the endpoint.",Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-29057,https://securityvulnerability.io/vulnerability/CVE-2022-29057,Cross-Site Scripting Vulnerability in Fortinet FortiEDR,"The vulnerability involves improper handling of user input during the web page generation process in Fortinet's FortiEDR. This flaw creates an opportunity for a remote, authenticated attacker to execute a reflected cross-site scripting attack. By injecting malicious payloads into various endpoints of the Management Console, the attacker can manipulate user sessions, redirect users to harmful sites, or steal sensitive data. This issue affects specific versions of FortiEDR, highlighting the importance of timely patching and security measures.",Fortinet,Fortinet Fortiedr,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2022-23440,https://securityvulnerability.io/vulnerability/CVE-2022-23440,Use of Hard-Coded Cryptographic Key in Fortinet FortiEDR Collectors,"A vulnerability exists in the registration mechanism of FortiEDR collectors that employs hard-coded cryptographic keys. This flaw may enable a local attacker to bypass security measures, potentially allowing them to disable and uninstall the collectors from the endpoints in the same deployment. Proper security protocols and configurations are paramount to mitigate the risks associated with this vulnerability.",Fortinet,Fortinet Fortiedr,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-06T09:30:14.000Z,0
CVE-2022-23441,https://securityvulnerability.io/vulnerability/CVE-2022-23441,Hard-Coded Cryptographic Key Vulnerability in Fortinet's FortiEDR,"A vulnerability exists in Fortinet's FortiEDR where hard-coded cryptographic keys can be exploited. This issue allows an unauthenticated attacker within the network to impersonate and forge messages from other collectors. Such a security flaw can lead to significant risks in data integrity and trustworthiness, enabling an unauthorized party to manipulate interactions between network components.",Fortinet,Fortinet Fortiedr,9.1,CRITICAL,0.002199999988079071,false,,false,false,false,,,false,false,,2022-04-06T09:10:10.000Z,0
CVE-2022-23446,https://securityvulnerability.io/vulnerability/CVE-2022-23446,Resource Management Vulnerability in Fortinet FortiEDR,"An improper control of a resource through its lifetime has been identified in Fortinet FortiEDR version 5.0.3 and earlier. This vulnerability allows attackers to manipulate the application's root directory access permissions, leading to potential downtime and making the entire application unresponsive. Organizations utilizing affected versions are advised to review their security posture and apply necessary updates.",Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-06T09:00:17.000Z,0