CVE-2023-0978

Name of the Vulnerable Software and Affected Versions Trellix Intelligent Sandbox CLI versions 5.2 and earlier

Description A command injection issue allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This is due to insufficient validation of arguments passed to specific CLI commands.

Recommendations For versions 5.2 and earlier, update to a version later than 5.2 to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable CLI command to minimize the risk of exploitation. Avoid using specially crafted strings in CLI commands until the issue is resolved.