PT-2024-15385 · Trellix · Trellix Anti-Malware Engine
Bahaa Naamneh · Published 2024-01-09 · Updated 2024-01-16 · CVE-2024-0206
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trellix Anti-Malware Engine versions prior to January 2024 release
Description
A symbolic link manipulation issue allows an authenticated local user to potentially escalate privileges. The user adds an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user would not normally have permission to access. After a scan, the Engine follows the links and removes the files.
Recommendations
For versions prior to the January 2024 release, update to the January 2024 release or later to resolve the issue.
As a temporary workaround, consider restricting access to the Trellix ENS registry folder to minimize the risk of exploitation.
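To verify the workaround above, the following added example (not Trellix code and not part of the original advisory) lists allow-ACEs that grant write-type rights on a registry key to principals other than SYSTEM, Administrators and TrustedInstaller. The key path is a parameter because the advisory does not state it, and the trusted-SID list is an assumption to adjust for your environment.

```powershell
# Added example: audit which principals can modify a registry key.
param(
    # Placeholder: the advisory gives no key path. Pass the Trellix ENS key of
    # your installation, e.g. -KeyPath 'HKLM:\SOFTWARE\<Trellix ENS key>'.
    [Parameter(Mandatory)] [string] $KeyPath,
    [switch] $Recurse   # also audit every subkey
)

# Access bits that allow adding or changing entries under a key:
# SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership,
# plus GENERIC_ALL and GENERIC_WRITE (seen on inherit-only ACEs).
$writeMask = 0x2 -bor 0x4 -bor 0x20 -bor 0x10000 -bor 0x40000 -bor 0x80000 `
             -bor 0x10000000 -bor 0x40000000

# Assumption: only these well-known SIDs are expected to hold write access.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$keys = @(Get-Item -LiteralPath $KeyPath)
if ($Recurse) {
    $keys += Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue
}

$findings = foreach ($key in $keys) {
    foreach ($ace in (Get-Acl -LiteralPath $key.PSPath).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
        # Compare by SID so localized or renamed accounts are still recognized.
        try   { $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }
        if ($trustedSids -contains $sid) { continue }
        [pscustomobject]@{
            Key       = $key.Name
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No unexpected write access found under $KeyPath" }
```

Entries reported with `Inherited = True` have to be corrected on the parent key that defines them, not on the audited key itself.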
Fix
Link Following
Affected Products
Trellix Anti-Malware Engine
Trellix ENS