CVE-2023-0978
Last modified
CVE-2023-0978 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Advanced Threat Defense | >= 4.0, <= 4.14.2 |
| Trellix | Intelligent Sandbox | 5.0 |
| Trellix | Intelligent Sandbox | 5.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0978?
How severe is CVE-2023-0978?
How do I fix CVE-2023-0978?
Are you affected by CVE-2023-0978?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST