CVE-2023-5607
 
Descriptions
An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
SSVC
- Decision: -
Timeline
- 2023-10-17 CVE Reserved
- 2023-11-27 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-126: Path Traversal
References (1)
URL | Date | SRC |
---|---|---|
https://kcm.trellix.com/corporate/index?page=content&id=SB10411 | 2023-12-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Trellix | Application And Change Control | < 8.4.0 | - | Affected |