Lucene search

TrellixCVELIST:CVE-2022-4326

HistoryDec 16, 2022 - 3:48 p.m.

CVE-2022-4326 Trellix xAgent permission bypass vulnerability

2022-12-1615:48:07

CWE-281

trellix

www.cve.org

cve-2022-4326; trellix endpoint agent; windows; administrator privileges; uninstall bypass; removal protection vulnerability.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "xAgent",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThan": "V35.31.22",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.trellix.com/bundle/xagent_35-31-22_rn/page/UUID-73c848e7-6107-fe11-d83d-b17bd5b1449c.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-4326