Description

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack

Related CPE's

a

mcafee

advanced_threat_defense

Vulnerable

a

trellix

intelligent_sandbox

2

References

https://kcm.trellix.com/corporate/index?page=content&id=SB10397

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

[email protected]

Secondary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-13T14:15:12.727

2 years ago

Last modified

2023-11-07T04:02:04.857

1 year ago