FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.
References
Link | Resource |
---|---|
https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent | Release Notes Vendor Advisory |
https://public-exposure.inform.social/post/integrity-checking/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Sep 2022, 04:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-354 | |
CPE | cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:* cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:* cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | (MISC) https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent - Release Notes, Vendor Advisory | |
References | (MISC) https://public-exposure.inform.social/post/integrity-checking/ - Exploit, Third Party Advisory |
12 Sep 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-12 21:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-36174
Mitre link : CVE-2022-36174
CVE.ORG link : CVE-2022-36174
JSON object : View
Products Affected
freshworks
- freshservice_agent
CWE
CWE-354
Improper Validation of Integrity Check Value