CSRF in ePO leading to privilege escalation
CVE-2023-5444

8HIGH

Key Information:

Vendor: Trellix
Status: Epolicy Orchestrator
Vendor: CVE Published:; 17 November 2023

Summary

A Cross Site Request Forgery vulnerability exists in the ePolicy Orchestrator platform prior to version 5.10.0 CP1 Update 2. This flaw enables a remote user with low privileges to perform unauthorized actions, specifically allowing the addition of new users with administrator rights on the ePO server. The attack requires manipulation of the HTTP payload during submission, affecting the integrity of the server's user management functionality. Users should ensure their systems are updated to the latest versions to mitigate this security risk.

Affected Version(s)

ePolicy Orchestrator Prior to 5.10.0 SP1 UP2

References

https://kcm.trellix.com/agent/index?page=content&id=SB10410

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Oct 6, 2023

Credit

Lukasz Plonka