Unauthenticated Remote Attackers Can Bypass Authentication and Access Partial Data in Trellix IPS Manager
CVE-2024-5956

5.3MEDIUM

Key Information:

Vendor: Trellix
Status: Intrusion Prevention System (ips) Manager
Vendor: CVE Published:; 5 September 2024

Summary

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly

Affected Version(s)

Intrusion Prevention System (IPS) Manager Windows 11.1.7.97

References

https://thrive.trellix.com/s/article/000013870

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Jun 13, 2024

Credit

Kentaro Kawane