CVE-2022-47529

MEDIUM

RSA NetWitness <12.2 - Privilege Escalation

Title source: llm

Description

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

Exploits (2)

nomisec WORKING POC 1 stars

by hyp3rlinx · poc

https://github.com/hyp3rlinx/CVE-2022-47529

View Code ZIP pw:eip

exploitdb WORKING POC

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/51336

View Code ZIP pw:eip

References (8)

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Mar/26

[Mailing List] http://seclists.org/fulldisclosure/2024/Apr/17

[Permissions Required] https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935

[Various Sources] https://github.com/hyp3rlinx/CVE-2022-47529

[Exploit, Third Party Advisory] https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent-12.x-Incorrect-Access-Control-Code-Execution.html

[Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2023/Mar/16

[Third Party Advisory] https://twitter.com/hyp3rlinx/status/1639335477839790105

Scores

CVSS v3 6.7

EPSS 0.0335

EPSS Percentile 87.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (1)

rsa/netwitness < 12.2

Timeline

Published Mar 28, 2023

Tracked Since Feb 18, 2026