CVE-2023-44248: 
FortiEDR vulnerability analysis and mitigation

An improper access control vulnerability (CVE-2023-44248) was discovered in FortiEDRCollectorWindows. The vulnerability was disclosed on November 14, 2023, affecting FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, and all versions of 4.0. This vulnerability has been assigned a medium severity rating with a CVSS v3.1 score of 4.4 (Fortinet Advisory, NVD).

The vulnerability is classified as an improper access control issue (CWE-284). It allows a local attacker with privileges to tamper with specific registry keys of the service, which can prevent the collector service from starting during the next system reboot. The CVSS v3.1 metrics indicate a Local attack vector (AV:L), Low attack complexity (AC:L), High privileges required (PR:H), and No user interaction needed (UI:N) (NVD).

The primary impact of this vulnerability is a denial of service condition, specifically preventing the FortiEDR collector service from starting after a system reboot. This affects the availability of the service while having no direct impact on confidentiality or integrity of the system (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Users are advised to upgrade to FortiEDRCollectorWindows version 5.2.0.4581 or above, or version 5.0.3.1016 or above, depending on their current version (Fortinet Advisory).