Unauthorized Access and Remote Code Execution Vulnerability in ESM 11.6.10
CVE-2024-11482

9.8CRITICAL

Key Information:

Vendor: Trellix
Status: Trellix Enterprise Security Manager (esm)
Vendor: CVE Published:; 29 November 2024

What is CVE-2024-11482?

A security vulnerability in Trellix's ESM version 11.6.10 allows attackers to gain unauthenticated access to the internal Snowservice API. This unauthorized access can lead to remote code execution through command injection, with the commands being executed as the root user. This vulnerability poses serious implications for system integrity and data security, necessitating prompt attention and remediation for affected users.

Affected Version(s)

Trellix Enterprise Security Manager (ESM) Windows 11.6.12

References

https://thrive.trellix.com/s/article/000014058#h2_0

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Nov 20, 2024

Credit

Rafal Gill