Vulnerability Details : CVE-2022-28881
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Vulnerability category: Denial of service
Products affected by CVE-2022-28881
- cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
- cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:elements_endpoint_detection_and_response:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-28881
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-28881
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L |
0.9
|
3.4
|
F-Secure | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2022-28881
-
https://www.withsecure.com/en/support/security-advisories
Security advisories | WithSecureâ„¢Vendor Advisory
-
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Security advisories | F-SecureVendor Advisory
Jump to