CVE-2023-0978
MEDIUM
McAfee Advanced Threat Defense < 4.14.2 - Command Injection
A command injection vulnerability in the Trellix Intelligent Sandbox CLI, version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to a specific CLI command. The vulnerability allows the attack
References (1)
Core References
Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10397
Scores
CVSS v3
6.4
EPSS
0.0035
EPSS Percentile
57.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (3)
mcafee/advanced_threat_defense
4.0 - 4.14.2
trellix/intelligent_sandbox
5.0
trellix/intelligent_sandbox
5.2
Published
Mar 13, 2023
Tracked Since
Feb 18, 2026