CVE-2022-39949: 
FortiEDR vulnerability analysis and mitigation

An improper control of a resource through its lifetime vulnerability (CVE-2022-39949) was identified in FortiEDR CollectorWindows versions 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, and 5.1.0. This vulnerability was discovered and disclosed in November 2022, affecting Fortinet's EDR protection system (NVD).

The vulnerability is classified under CWE-664 (Improper Control of a Resource Through its Lifetime). It received a CVSS v3.1 base score of 5.5 (Medium) from NIST with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, while Fortinet assigned it a slightly lower score of 4.4 (Medium) with a vector string of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability allows privileged users to terminate FortiEDR processes using special tools, potentially leading to a complete bypass of the EDR protection mechanisms. This primarily affects the availability of the security system, as indicated by the high availability impact in the CVSS scoring (NVD).

Fortinet has addressed this vulnerability in subsequent releases. Organizations should upgrade their FortiEDR CollectorWindows to versions newer than the affected ranges: 4.0.0-4.1, 5.0.0-5.0.3.751, and 5.1.0 (Fortinet Advisory).