Lucene search

TrellixCVELIST:CVE-2023-0221

HistoryJan 13, 2023 - 3:19 p.m.

CVE-2023-0221

2023-01-1315:19:03

CWE-269

trellix

www.cve.org

cve-2023-0221

acc

security bypass

administrator privileges

execution controls

utilman program

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Application and Change Control",
    "vendor": "Trellix",
    "versions": [
      {
        "lessThan": "8.3.4",
        "status": "affected",
        "version": "8.x",
        "versionType": "custom"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10370

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-0221