CVE-2023-0978
6.4
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trellix | Trellix Intelligent Sandbox | 5.0 <= 5.2 | affected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.