Vulnerabilities > CVE-2022-4326 - Improper Preservation of Permissions vulnerability in Trellix Endpoint Security

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

trellix

CWE-281

NVD

Published: 2022-12-16

Updated: 2023-11-07

Summary

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.

Vulnerable Configurations

Part	Description	Count
Application	Trellix Trellix Endpoint Security *	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://docs.trellix.com/bundle/xagent_35-31-22_rn/page/UUID-73c848e7-6107-fe11-d83d-b17bd5b1449c.html