CVE-2022-28880

moderate-risk

Published 2022-08-05

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (8)

Elements Endpoint Detection And Response

Elements Endpoint Protection

Atlant

Cloud Protection For Salesforce

Elements Collaboration Protection

Internet Gatekeeper

Linux Security

Linux Security 64

Affected Vendors

F-Secure

References (4)

Not Applicable https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fa...

Not Applicable https://www.withsecure.com/en/expertise/people

Not Applicable https://www.f-secure.com/en/home/support/vulnerability-reward-program/hall-of-fa...

Not Applicable https://www.withsecure.com/en/expertise/people

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate