Denial-of-Service (DoS) Vulnerability

Vulnerability

A denial-of-service (DoS) vulnerability exists in the fsicapd component used in WithSecure products. The service may crash while parsing a specially crafted scanning request. The affected versions are not explicitly listed in the available references, but the advisory is dated 2022-09-06 and impacts multiple WithSecure products that incorporate the fsicapd component [1].

Exploitation

An attacker can trigger this vulnerability by sending a malicious scanning request to the fsicapd service. No authentication or special privileges are required if the service is exposed to untrusted network traffic. The exact network position needed depends on product deployment; the request could originate from a local process or a remote attacker depending on the product configuration [1].

Impact

Successful exploitation causes the fsicapd service to crash, resulting in a denial-of-service condition. This may prevent legitimate scanning operations and could disrupt normal product functionality until the service is restarted [1].

Mitigation

WithSecure has released security updates to address this vulnerability. Users should apply the latest product updates as provided in the security advisory [1]. No specific workarounds are documented in the available references.