304 matches found
Trellix Agent 缓冲区错误漏洞
Trellix Agent is a client component of FireEye USA Trellix, Inc. provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent macOS versions prior to 5.7.9, which stems from a vulnerability that allows a remote...
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...
Trellix Agent < 5.7.9 Heap-Based Overflow Vulnerability (SB10396)
The version of Trellix Agent, formerly McAfee Agent or McAfee Policy Orchestrator ePO Agent, installed on the remote host is prior to 5.7.9. It is, therefore, affected by a heap-based overflow vulnerability in TA 5.7.8 and earlier allows a remote user to alter the page heap in the macmnsvc proces...
The Bug Report – April 2023 Edition
The Bug Report – April 2023 Edition By Trellix · May 03, 2023 This story was also written by John Rodriguez. It’s never easy coming back. Why am I here? Seems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about...
Trellix Agent < 5.7.9 Multiple Vulnerabilities (SB10396)
The version of Trellix Agent, formerly McAfee Agent or McAfee Policy Orchestrator ePO Agent, installed on the remote host is prior to 5.7.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in TA for Windows 5.7.8 and earlier, which allows local users, during...
RTM Locker: Emerging Cybercrime Group Targeting Businesses with Ransomware
Cybersecurity researchers have detailed the tactics of a "rising" cybercriminal gang called "Read The Manual" RTM Locker that functions as a private ransomware-as-a-service RaaS provider and carries out opportunistic attacks to generate illicit profit. "The 'Read The Manual' Locker gang uses...
Trellix Agent 代码问题漏洞
Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent that stems from a heap-based buffer overflow vulnerability...
CVE-2023-0977
A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...
CVE-2023-0977
A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
Heap overflow
A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...
Design/Logic Flaw
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
CVE-2023-0977
CVE-2023-0977 describes a heap-based overflow in Trellix Agent (Windows and Linux) up to version 5.7.8. The vulnerability lets a remote user alter the page heap in the macmnsvc process memory block, causing the Trellix Agent service to become unavailable. Affected software: Trellix Agent (formerl...
CVE-2023-0977
A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...
CVE-2023-0977
A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...
CVE-2023-0975
Affected software: Trellix Agent for Windows, versions 5.7.8 and earlier. Vulnerability: during install/upgrade, local users can replace an Agent executable before it runs, enabling privilege escalation. Root cause: executable replacement during the workflow. Impact: elevation of privileges for l...
CVE-2023-0975
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...