Path Traversal Vulnerability in TACC ePO Extension for On-Premises Servers
CVE-2023-5607
7.2 HIGH
Summary
The TACC ePO extension for on-premises servers is vulnerable to a path traversal flaw that could allow an attacker with authorized administrator privileges to upload a specially crafted GTI reputation file. Because file types and paths are improperly restricted, the vulnerability permits the execution of arbitrary code. Organizations should ensure they are running the updated version (8.4.0 or later) to mitigate this risk.
Affected Version(s)
Trellix Application and Change Control (TACC) Prior to version 8.4.0
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved