cbcvebase.
CVE-2023-0978
published 2023-03-13

CVE-2023-0978: A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating…

PriorityP434medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.39%
30.3th percentile
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack

Affected

4 ranges
VendorProductVersion rangeFixed in
mcafeeadvanced_threat_defense4.0 – 4.14.2
trellixintelligent_sandbox
trellixintelligent_sandbox
trellixtrellix_intelligent_sandbox 5.0 – 5.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.