Command Injection Vulnerability in Trellix TA for macOS
CVE-2023-0976

7.8HIGH

Key Information:

Vendor: Trellix
Status: Trellix Agent
Vendor: CVE Published:; 7 June 2023

What is CVE-2023-0976?

A command injection vulnerability exists in Trellix TA for macOS versions prior to 5.7.9, allowing local users to place a malicious file into the /Library/Trellix/Agent/bin/ directory. This malicious file can be executed when the TA deployment feature is triggered from within the System Tree, potentially leading to unauthorized file actions or system compromise.

Affected Version(s)

Trellix Agent MacOS 5.7.8

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Feb 23, 2023

Credit

Adam Scheblein