PT-2023-16658 · Trellix · Ta

Adam Scheblein

Publicado

2023-06-07

Atualizado

2023-06-13

CVE-2023-0976

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TA for mac-OS versions prior to 5.7.9

Description A command injection issue allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.

Recommendations For versions prior to 5.7.9, update to version 5.7.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the TA deployment feature in the System Tree to minimize the risk of exploitation.

Correção

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-427

Identificadores relacionados

CVE-2023-0976

PT-2023-16658 · Trellix · Ta

CVE-2023-0976

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4