CVE Vulnerability

CVE-2022-36173

FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent Release Notes Vendor Advisory
https://public-exposure.inform.social/post/integrity-checking/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:freshworks:freshservice_probe:*:*:*:*:*:*:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:windows:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:linux:*:*
cpe:2.3:a:freshworks:freshservice_agent:*:*:*:*:*:macos:*:*
Information

Published : 2022-09-12 09:15

Updated : 2022-09-15 04:12

NVD link : CVE-2022-36173

Mitre link : CVE-2022-36173

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation