The French Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in F-Secure products, which could potentially lead to remote denial of service attacks.
Risk(s):
- Remote Denial of Service
Affected Systems:
- F-Secure Endpoint Protection for Windows without the automatic security patch 2023-09-11_07
- F-Secure Client Security versions 15 without the automatic security patch 2023-09-11_07
- F-Secure Server Security versions 15 without the automatic security patch 2023-09-11_07
- F-Secure Email and Server Security versions 15 without the automatic security patch 2023-09-11_07
- F-Secure Elements Endpoint Protection versions 17 without the automatic security patch 2023-09-11_07
- F-Secure Endpoint Protection for Mac without the automatic security patch 2023-09-11_07
- F-Secure Client Security for Mac versions 15 without the automatic security patch 2023-09-11_07
- F-Secure Elements Endpoint Protection for Mac 17 without the automatic security patch 2023-09-11_07
- F-Secure Endpoint Protection for Linux without the automatic security patch 2023-09-11_07
- Linux Security 64 versions 12.0 without the automatic security patch 2023-09-11_07
- Linux Protection versions 12.0 without the automatic security patch 2023-09-11_07
- F-Secure Atlant (formerly F-Secure Atlant) versions 1.0.35-1 without the automatic security patch 2023-09-11_07
Summary: Multiple vulnerabilities have been discovered in F-Secure products, allowing an attacker to trigger remote denial of service incidents.
Solution: For information on obtaining the necessary security patches, please refer to the publisher’s security bulletin (see Documentation section).
Documentation:
- F-Secure Security Advisory cve-2023-42526 dated September 14, 2023: Link
- F-Secure Security Advisory cve-2023-42521 dated September 14, 2023: Link
- F-Secure Security Advisory cve-2023-42522 dated September 14, 2023: Link
- F-Secure Security Advisory cve-2023-42523 dated September 14, 2023: Link
- F-Secure Security Advisory cve-2023-42524 dated September 14, 2023: Link
- CVE Reference CVE-2023-42521: Link
- CVE Reference CVE-2023-42522: Link
- CVE Reference CVE-2023-42523: Link
- CVE Reference CVE-2023-42524: Link
- CVE Reference CVE-2023-42526: Link