What is CVE-2023-44248?

CVE-2023-44248 is an improper access control vulnerability in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all, which may allow a local attacker to prevent the collector service from starting in the next system reboot by tampering with some registry keys.

What is the severity of CVE-2023-44248?

The severity of CVE-2023-44248 is medium with a CVSS score of 5.5.

How can the improper access control vulnerability in FortiEDRCollectorWindows be exploited?

The improper access control vulnerability in FortiEDRCollectorWindows can be exploited by a local attacker who tampers with certain registry keys to prevent the collector service from starting in the next system reboot.

What is the affected software version range for CVE-2023-44248?

The affected software versions for CVE-2023-44248 are FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and 4.0.0.

How can I mitigate the CVE-2023-44248 vulnerability?

To mitigate the CVE-2023-44248 vulnerability, it is recommended to update FortiEDRCollectorWindows to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2023-44248

medium

5.5

CWE

284

14/11/2023

30/8/2024

CVE-2023-44248

First published: Tue Nov 14 2023(Updated: )

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service to start in the next system reboot by tampering with some registry keys of the service.

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet Fortiedr	>=5.0.3<=5.0.3.1007
Fortinet Fortiedr	>=5.2.0<=5.2.0.4549
Fortinet Fortiedr	=4.0.0

Remedy

Please upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above Please upgrade to FortiEDRCollectorWindows version 5.0.3.1016 or above

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-23-306

Frequently Asked Questions

What is CVE-2023-44248?
CVE-2023-44248 is an improper access control vulnerability in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all, which may allow a local attacker to prevent the collector service from starting in the next system reboot by tampering with some registry keys.
What is the severity of CVE-2023-44248?
The severity of CVE-2023-44248 is medium with a CVSS score of 5.5.
How can the improper access control vulnerability in FortiEDRCollectorWindows be exploited?
The improper access control vulnerability in FortiEDRCollectorWindows can be exploited by a local attacker who tampers with certain registry keys to prevent the collector service from starting in the next system reboot.
What is the affected software version range for CVE-2023-44248?
The affected software versions for CVE-2023-44248 are FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and 4.0.0.
How can I mitigate the CVE-2023-44248 vulnerability?
To mitigate the CVE-2023-44248 vulnerability, it is recommended to update FortiEDRCollectorWindows to a version that is not affected by the vulnerability.

collector/nvd-api
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/fortinet
canonical/fortinet fortiedr
version/fortinet fortiedr/5.0.3
version/fortinet fortiedr/5.0.3.1007
version/fortinet fortiedr/5.2.0
version/fortinet fortiedr/5.2.0.4549
version/fortinet fortiedr/4.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.