CVE-2022-2188

CWE-732Incorrect Permission AssignmentCWE-863Incorrect Authorization3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 71.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trellix DXL BrokerMcafee Data Exchange Layer
Timeline
PublishedNov 7

Description

Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

CVEListV5trellix/dxl_broker5.x6.0.0.280

🔴Vulnerability Details

2
GHSA
GHSA-h7pw-cjr2-mh4p: Privilege escalation vulnerability in DXL Broker for Windows prior to 62022-11-07
CVEList
DXL Broker privilege escalation vulnerability2022-11-07
CVE-2022-2188 (MEDIUM CVSS 5.5) | Privilege escalation vulnerability | cvebase.io