CVE-2023-4814
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.
Existe una vulnerabilidad de escalada de privilegios en Trellix Windows DLP endpoint para Windows de la que se puede abusar para eliminar cualquier archivo/carpeta para el cual el usuario no tiene permiso.
*Credits:
ekokh
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-07 CVE Reserved
- 2023-09-14 CVE Published
- 2023-09-14 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
- CWE-863: Incorrect Authorization
CAPEC
- CAPEC-122: Privilege Abuse
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kcm.trellix.com/corporate/index?page=content&id=SB10407 | 2023-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trellix Search vendor "Trellix" | Data Loss Prevention Search vendor "Trellix" for product "Data Loss Prevention" | 11.10.100.17 Search vendor "Trellix" for product "Data Loss Prevention" and version "11.10.100.17" | - |
Affected
| ||||||