Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0978

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack

Published

2023-03-13T14:15:12.727

Last Modified

2024-11-21T07:38:13.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-77
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	advanced_threat_defense	≤ 4.14.2	Yes
Application	trellix	intelligent_sandbox	5.0	Yes
Application	trellix	intelligent_sandbox	5.2	Yes

References

https://kcm.trellix.com/corporate/index?page=content&id=SB10397 Vendor Advisory ([email protected])
https://kcm.trellix.com/corporate/index?page=content&id=SB10397 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)