Lucene search

TrellixCVELIST:CVE-2023-6071

HistoryNov 30, 2023 - 12:48 p.m.

CVE-2023-6071

2023-11-3012:48:51

CWE-77

trellix

www.cve.org

esm

command

vulnerability

remote

administrator

execute

arbitrary code

root

sanitized

data source

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn’t correctly sanitized when adding a new data source.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ESM",
    "vendor": "Trellix",
    "versions": [
      {
        "status": "affected",
        "version": "Prior to version 11.6.9"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10413

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for CVELIST:CVE-2023-6071