Download of Sensitive Files Possible Through Path Traversal in Trellix NX Products
CVE-2024-7608

5.9MEDIUM

Key Information:

Vendor: Trellix
Status: Trellix Nx, Ex, Ax, Fx, Cms And Ivx
Vendor: CVE Published:; 27 August 2024

What is CVE-2024-7608?

An authenticated user may exploit a security vulnerability within selected Trellix products, allowing for unauthorized access to restricted files. This serious flaw arises from improper validation of user input, enabling attackers to manipulate file paths and gain access to sensitive data across NX, EX, FX, AX, IVX, and CMS systems. As a result, organizations utilizing these products must prioritize security assessments and remediate the issue promptly to safeguard their information assets.

Affected Version(s)

Trellix NX, EX, AX, FX, CMS and IVX Trellix NX, EX, AX, FX, CMS 10.0.1 and older, for Trellix IVX 10.02. and older

References

https://thrive.trellix.com/s/article/000013844

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Aug 8, 2024