Описание
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.7.0 (включая)
cpe:2.3:a:trellix:endpoint_security:*:*:*:*:*:*:*:*
EPSS
Процентиль: 23%
0.00076
Низкий
5.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-74
CWE-94
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.
EPSS
Процентиль: 23%
0.00076
Низкий
5.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-74
CWE-94