FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
kwernecke
Staff
Article Id 208509
Description: This article describes the Spring4Shell vulnerability and FortiEDR.
Scope: FortiEDR.
Solution

Subject: CVE-2022-22965 (Spring4Shell) and FortiEDR

CVE-2022-22965 is a zero-day vulnerability that was discovered in Spring Framework, a popular lightweight open-source Java framework.

This zero-day can result in remote code execution.

FortiEDR servers have been found not to be exploitable through this vulnerability, so it does not affect FortiEDR customers. As a result, no FortiEDR release or patch is planned to mitigate the issue.

For more details on mitigating the vulnerability with Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability

FortiEDR Protection.

FortiEDR monitors and protects against payloads delivered by exploitation of the Spring4Shell vulnerability, known as CVE-2022-22965.

Protection against these payloads is provided by FortiEDR's core, OS-centric technology, which exists in all FortiEDR versions.

This technology enables FortiEDR to block post-exploitation activity associated with adversaries attempting to use the vulnerability to gain a foothold within the environment.
