Vulnerabilities > CVE-2023-5607 - Unspecified vulnerability in Trellix Application and Change Control

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trellix

NVD

Published: 2023-11-27

Updated: 2024-11-21

Summary

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

Vulnerable Configurations

Part	Description	Count
Application	Trellix Trellix Application AND Change Control -	1

References

https://kcm.trellix.com/corporate/index?page=content&id=SB10411
https://kcm.trellix.com/corporate/index?page=content&id=SB10411