In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
References
Link | Resource |
---|---|
https://goverlan.com | Vendor Advisory |
https://www.goverlan.com/knowledge/article/security-advisory-govsa-2022-0506-1-disable-windows-firewall/ | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-05-20 12:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-31215
Mitre link : CVE-2022-31215
CVE.ORG link : CVE-2022-31215
JSON object : View
Products Affected
goverlan
- reach_console
- client_agent
- reach_server
CWE