{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-47529","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-03T14:55:08.330Z","dateReserved":"2022-12-19T00:00:00.000Z","datePublished":"2023-03-28T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-04-11T08:06:01.028Z"},"descriptions":[{"lang":"en","value":"Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://twitter.com/hyp3rlinx/status/1639335477839790105"},{"url":"https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt"},{"url":"https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html"},{"url":"https://seclists.org/fulldisclosure/2023/Mar/16"},{"url":"https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935"},{"name":"20230330 RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2023/Mar/26"},{"url":"https://github.com/hyp3rlinx/CVE-2022-47529"},{"name":"20240410 Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2024/Apr/17"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:55:08.330Z"},"title":"CVE Program Container","references":[{"url":"https://twitter.com/hyp3rlinx/status/1639335477839790105","tags":["x_transferred"]},{"url":"https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt","tags":["x_transferred"]},{"url":"https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html","tags":["x_transferred"]},{"url":"https://seclists.org/fulldisclosure/2023/Mar/16","tags":["x_transferred"]},{"url":"https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935","tags":["x_transferred"]},{"name":"20230330 RSA NetWitness EDR Agent / Incorrect Access Control - Code Execution / CVE-2022-47529","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2023/Mar/26"},{"url":"https://github.com/hyp3rlinx/CVE-2022-47529","tags":["x_transferred"]},{"name":"20240410 Trojan.Win32.Razy.abc / Insecure Permissions (In memory IPC)","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2024/Apr/17"}]}]}}