CVE-2022-28876 is a medium-severity DoS vulnerability in F-Secure Atlant and select WithSecure products that allows remote attackers to crash the scanning engine.
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and certain WithSecure products, which allows attackers to crash the scanning engine remotely by exploiting the aeheur.dll component.
Understanding CVE-2022-28876
This CVE identifies a DoS vulnerability in F-Secure and WithSecure products that can be triggered by remote attackers.
What is CVE-2022-28876?
The vulnerability in F-Secure Atlant and select WithSecure products can lead to a DoS condition by causing a crash in the scanning engine through a specific component.
The Impact of CVE-2022-28876
The vulnerability poses a medium-severity risk, with a CVSS base score of 4.3. It requires high privileges but can be triggered with minimal user interaction, affecting availability with low impact on confidentiality and integrity.
Technical Details of CVE-2022-28876
This section provides insights into the vulnerability specifics.
Vulnerability Description
The DoS vulnerability allows remote attackers to crash the scanning engine via the aeheur.dll component.
Affected Systems and Versions
All F-Secure and WithSecure endpoint protection products for Windows and Mac, F-Secure Linux Security, F-Secure Atlant, and WithSecure Cloud Protection for Salesforce & Collaboration Protection are affected.
Exploitation Mechanism
Attackers exploit the aeheur.dll component in F-Secure Atlant and select WithSecure products to remotely trigger the scanning engine crash.
Mitigation and Prevention
To address CVE-2022-28876, follow these mitigation strategies.
Immediate Steps to Take
No user action is required as the fix has been released through automatic updates with the Capricorn database.
Long-Term Security Practices
Regularly update the affected F-Secure and WithSecure products to prevent exploitation of this vulnerability.
Patching and Updates
Stay vigilant for security advisories and apply patches promptly to safeguard against potential DoS attacks.