OS Common Injection Vulnerability in ESM Certificate API by Vendor
CVE-2023-3313

7.8HIGH

Key Information:

Vendor: Trellix
Status: Enterprise Security Manager
Vendor: CVE Published:; 3 July 2023

Summary

The ESM certificate API has a vulnerability that stems from improperly sanitized input, leading to the possibility of command injection by unauthorized users. This flaw could facilitate privilege escalation and allow malicious actors to execute arbitrary commands within the system, potentially compromising security and integrity.

Affected Version(s)

Enterprise Security Manager Windows 11.6.3

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Jun 19, 2023

Credit

Andre Waldhoff (condignum GmbH)

Johannes Bär (condignum GmbH)