Описание
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.7.8 (исключая)
cpe:2.3:a:trellix:agent:*:*:*:*:windows:*:*:*
EPSS
Процентиль: 39%
0.00179
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 6.7
github
около 3 лет назад
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
EPSS
Процентиль: 39%
0.00179
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-427