← Voltar para CVEs
CVE-2023-3665
MEDIUM5.5
Descricao
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
Detalhes CVE
Pontuacao CVSS v3.15.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado10/4/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
trellix:endpoint_security
Fraquezas (CWE)
CWE-74CWE-94
Referencias
https://kcm.trellix.com/corporate/index?page=content&id=SB10405(trellixpsirt@trellix.com)
https://kcm.trellix.com/corporate/index?page=content&id=SB10405(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.