CVE-2023-0978
published 2023-03-13
CVE-2023-0978: A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating…
Priority: P4 | 34 | medium | 6.7 (CVSS 3.1)
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.39%
30.3th percentile
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to a specific CLI command. The vulnerability allows the attack
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | advanced_threat_defense | 4.0 – 4.14.2 | — |
| trellix | intelligent_sandbox | — | — |
| trellix | intelligent_sandbox | — | — |
| trellix | trellix_intelligent_sandbox | 5.0 – 5.2 | — |
Suricata
ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1
suricata·2023-07-12·CVSS 7.5
CVE-2023-36884 [HIGH] ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1"; flow:established,to_server; flowbits:set,ET.CVE-2023-36884.Storm-0978; http.method; content:"GET"; http.uri; content:"/MSHTML_"; content:"/start.xml"; fast_pattern; endswith; reference:url,blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit; reference:cve,2023-36884; classtype:attempted-admin; sid:2046810; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2023_07_12, cve CVE_2023_36884, deployment Perimeter, performance_impact Low, confidence Low, signature_severity Major, tag Storm_0978
No public exploits indexed.
2023-03-13
Published