CVE-2022-36174

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*

History

15 Sep 2022, 04:12

Type Values Removed Values Added
CWE CWE-354
CPE cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
References (MISC) https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent - (MISC) https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent - Release Notes, Vendor Advisory
References (MISC) https://public-exposure.inform.social/post/integrity-checking/ - (MISC) https://public-exposure.inform.social/post/integrity-checking/ - Exploit, Third Party Advisory

12 Sep 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-12 21:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-36174

Mitre link : CVE-2022-36174

CVE.ORG link : CVE-2022-36174


JSON object : View

Products Affected

freshworks

  • freshservice_agent
CWE
CWE-354

Improper Validation of Integrity Check Value