Lucene search

[email protected]CVE-2023-3665

HistoryOct 04, 2023 - 3:15 p.m.

CVE-2023-3665

2023-10-0415:15:12

CWE-94

CWE-74

[email protected]

web.nvd.nist.gov

cve-2023-3665

code injection

trellix ens

vulnerability

denial of service

arbitrary code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,
leading to denial of service and or the execution of arbitrary code.

Affected configurations

NVD

Node

trellixendpoint_securityRange≤10.7.0

CPENameOperatorVersion
trellix:endpoint_securitytrellix endpoint securityle10.7.0

CPE	Name	Operator	Version
trellix:endpoint_security	trellix endpoint security	le	10.7.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Trellix Endpoint Security",
    "vendor": "Trellix ",
    "versions": [
      {
        "status": "affected",
        "version": "10.7.0"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10405

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-3665

nessus1 prion1 cvelist1 nvd1