Trellix · Trellix Intelligent Sandbox CLI · CVE-2023-0978
**Name of the Vulnerable Software and Affected Versions**
Trellix Intelligent Sandbox CLI versions 5.2 and earlier
**Description**
A command injection issue allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This is due to insufficient validation of arguments passed to specific CLI commands.
**Recommendations**
For versions 5.2 and earlier, update to a version later than 5.2 to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable CLI command to minimize the risk of exploitation. Avoid passing specially crafted strings as arguments to CLI commands until the issue is resolved.