Vulnerability Details : CVE-2022-36174
Potential exploit
FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.
Products affected by CVE-2022-36174
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*
- cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36174
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-36174
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2022-36174
-
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36174
-
https://public-exposure.inform.social/post/integrity-checking/
Integrity Checking - an Integral Part of Cyber SecurityExploit;Third Party Advisory
-
https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
Freshservice Release Notes - April 2022 | Freshworks CommunityRelease Notes;Vendor Advisory
Jump to