Vulnerability Details : CVE-2022-36173
FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.
Products affected by CVE-2022-36173
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*
- cpe:2.3:a:freshworks:freshservice_probe:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36173
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- Percentile: ~54% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-36173
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2022-36173
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36173
- https://public-exposure.inform.social/post/integrity-checking/
  Integrity Checking - an Integral Part of Cyber Security (Exploit; Third Party Advisory)
- https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
  Freshservice Release Notes - April 2022 | Freshworks Community (Release Notes; Vendor Advisory)