CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806 Uninstallation authorization

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. The weakness is classified as CWE-862.

The weakness was published 08/22/2022 by Pascal Zenker and Max Moser with modzero AG as "Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor". The advisory is shared for download at modzero.com. This vulnerability is tracked as CVE-2022-2841. It is possible to launch the attack remotely. There are no technical details available.

Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. The exploit is declared as functional and is shared for download at modzero.com. The vulnerability was handled as a non-public zero-day exploit for at least 54 days. As a 0-day, the estimated underground price was around $0-$5k.

Upgrading to version 6.40.15409, 6.42.15611 or 6.44.15807 addresses this issue. It is recommended to upgrade the affected component. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 09/24/2022 09:04 | 09/24/2022 09:06 | 12/29/2022 15:11 |
|---|---|---|---|
| vendor | CrowdStrike | CrowdStrike | CrowdStrike |
| name | Falcon | Falcon | Falcon |
| version | 6.31.14505.0/6.42.15610 | 6.31.14505.0/6.42.15610 | 6.31.14505.0/6.42.15610/6.44.15806 |
| component | Uninstallation Handler | Uninstallation Handler | Uninstallation Handler |
| cwe | 862 (authorization) | 862 (authorization) | 862 (authorization) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | F | F | F |
| cvss3_vuldb_rc | R | R | C |
| identifier | Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor | Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor | Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor |
| url | https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html | https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html | https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html |
| availability | 1 | 1 | 1 |
| cve | CVE-2022-2841 | CVE-2022-2841 | CVE-2022-2841 |
| responsible | VulDB | VulDB | VulDB |
| date | 1661119200 (08/22/2022) | 1661119200 (08/22/2022) | 1661119200 (08/22/2022) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | F | F | F |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_rl | X | X | O |
| cvss2_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss2_vuldb_tempscore | 3.0 | 3.0 | 2.7 |
| cvss3_vuldb_basescore | 2.7 | 2.7 | 2.7 |
| cvss3_vuldb_tempscore | 2.6 | 2.6 | 2.5 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| vendorinformdate | 1656453600 | 1656453600 | 1656453600 |
| cvss3_researcher_av | L | L | L |
| cvss3_researcher_ac | L | L | L |
| cvss3_researcher_pr | H | H | H |
| cvss3_researcher_ui | N | N | N |
| cvss3_researcher_s | C | C | C |
| cvss3_researcher_c | N | N | N |
| cvss3_researcher_i | N | N | N |
| cvss3_researcher_a | H | H | H |
| person_name | Pascal Zenker/Max Moser | Pascal Zenker/Max Moser | Pascal Zenker/Max Moser |
| person_mail | mmo@*******.** | mmo@*******.** | mmo@*******.** |
| person_website | https://www.modzero.ch | https://www.modzero.ch | https://www.modzero.ch |
| company_name | modzero AG | modzero AG | modzero AG |
| company_website | https://www.modzero.ch | https://www.modzero.ch | https://www.modzero.ch |
| videolink | https://youtu.be/3If-Fqwx-4s | https://youtu.be/3If-Fqwx-4s | https://youtu.be/3If-Fqwx-4s |
| misc | | | |
| cvss3_meta_basescore | 4.3 | 3.5 | 3.5 |
| cvss3_meta_tempscore | 4.3 | 3.5 | 3.5 |
| cvss3_researcher_basescore | 6.0 | 6.0 | 6.0 |
| publicity | 1 | 1 | 1 |
| url | https://www.modzero.com/advisories/MZ-22-02-CrowdStrike-FalconSensor.txt | https://www.modzero.com/advisories/MZ-22-02-CrowdStrike-FalconSensor.txt | https://www.modzero.com/advisories/MZ-22-02-CrowdStrike-FalconSensor.txt |
| developer_name | Pascal Zenker/Max Moser | Pascal Zenker/Max Moser | Pascal Zenker/Max Moser |
| developer_mail | mmo@*******.** | mmo@*******.** | mmo@*******.** |
| developer_website | https://www.modzero.ch | https://www.modzero.ch | https://www.modzero.ch |
| company_name | modzero AG | modzero AG | modzero AG |
| company_website | https://www.modzero.ch | https://www.modzero.ch | https://www.modzero.ch |
| cve_assigned | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) | 1660600800 (08/16/2022) |
| cve_nvd_summary | A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610. It has been classified as problematic. Affected is the Uninstallation Handler which makes it possible to circumvent and disable the security feature. The manipulation leads to missing authorization. The identifier of this vulnerability is VDB-206880. | A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610. It has been classified as problematic. Affected is the Uninstallation Handler which makes it possible to circumvent and disable the security feature. The manipulation leads to missing authorization. The identifier of this vulnerability is VDB-206880. | A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610. It has been classified as problematic. Affected is the Uninstallation Handler which makes it possible to circumvent and disable the security feature. The manipulation leads to missing authorization. The identifier of this vulnerability is VDB-206880. |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | H | H |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | N | N |
| cvss3_nvd_i | | L | L |
| cvss3_nvd_a | | N | N |
| cvss3_cna_av | | N | N |
| cvss3_cna_ac | | L | L |
| cvss3_cna_pr | | H | H |
| cvss3_cna_ui | | N | N |
| cvss3_cna_s | | U | U |
| cvss3_cna_c | | N | N |
| cvss3_cna_i | | N | N |
| cvss3_cna_a | | L | L |
| cve_cna | | VulDB | VulDB |
| cvss3_nvd_basescore | | 2.7 | 2.7 |
| cvss3_cna_basescore | | 2.7 | 2.7 |
| name | | | Upgrade |
| upgrade_version | | | 6.40.15409/6.42.15611/6.44.15807 |
| replaces | | | 214781 |
