Vulnerability Details CVE-2022-36173
FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v3 Score 8.1
References
- https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
- https://public-exposure.inform.social/post/integrity-checking/
- https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent
- https://public-exposure.inform.social/post/integrity-checking/
Products affected by CVE-2022-36173
-
cpe:2.3:a:freshworks:freshservice_agent:*
-
cpe:2.3:a:freshworks:freshservice_probe:*