Learn about CVE-2022-28886 impacting F-Secure and WithSecure products. Discover the DoS vulnerability, its impact, affected systems, and mitigation steps for prevention.
A Denial-of-Service vulnerability in F-Secure and WithSecure Endpoint Protection products for Windows and Linux systems can lead to a scanning engine crash when unpacking PE files.
Understanding CVE-2022-28886
This vulnerability, tracked as CVE-2022-28886, affects multiple F-Secure and WithSecure products and can cause a Denial-of-Service (DoS) condition.
What is CVE-2022-28886?
The vulnerability allows an attacker to trigger an infinite loop in aerdl.so/aerdl.dll while unpacking PE files, leading to a scanning engine crash.
The Impact of CVE-2022-28886
With a CVSS base score of 4.3, this Medium-severity vulnerability can be exploited remotely. It requires high privileges but no user interaction. It can impact the availability of affected systems and services.
Technical Details of CVE-2022-28886
Vulnerability Description
The flaw resides in the unpacking functionality of PE files in the affected F-Secure and WithSecure products, which may cause the scanning engine to enter an infinite loop.
Affected Systems and Versions
All F-Secure and WithSecure Endpoint Protection products for Windows running on a 32-bit OS, F-Secure Linux Security 32, and F-Secure Internet Gatekeeper are impacted.
Exploitation Mechanism
Attackers can exploit this vulnerability over a network connection. No user interaction is required, but high privileges are necessary to trigger the DoS condition.
Mitigation and Prevention
Immediate Steps to Take
No user action is required: a fix was released through the automatic update channel with the Capricorn database on September 13, 2022.
Long-Term Security Practices
Ensure timely installation of security updates and patches for the affected F-Secure and WithSecure products. Regularly monitor security advisories from the vendors for any further mitigation steps.