NW-2023-04: NetWitness Platform Security Advisory: CVE-2022-47529 Windows Endpoint Vulnerabilities

NetWitness Identifier

NW-2023-04

CVE Identifier

 

CVE-2022-47529

NetWitness Severity

Critical

 

Affected Products

 

NetWitness Endpoint Windows agent all versions prior to the 12.2 version.

 

 

 

Summary

CVE-2022-47529 allows local users to stop the Endpoint Windows agent from sending the events to SIEM or make the agent run user-supplied command.

 

 

 

Mitigation Steps

 

Update the NetWitness Endpoint Windows agent to the latest patched versions (available patched versions are: 11.7.2 HF, 11.7.3, 12.1 HF, 12.2).

If you have more questions or need further assistance, contact  NetWitness Customer Support.

 

 

Legal Information

Read and use the information in this NetWitness Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact NetWitness Customer Support. NetWitness and its affiliates distribute Netwitness Advisories in order to bring to the attention of users of the affected NetWitness products, important security information.

Netwitness recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Netwitness disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

In no event shall NetWitness, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if NetWitness, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.