CVE-2023-5607 Vulnerability Details

  /     /     /  

CVE-2023-5607 Metadata Quick Info

CVE Published: 27/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: trellix | Vendor: Trellix | Product: Trellix Application and Change Control (TACC)
Status : PUBLISHED

CVE-2023-5607 Description

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

Metrics

CVSS Version: 3.1 | Base Score: 8.4 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: CWE-22: Improper limitation of a path name to a restricted directory (path traversal)
Source: Trellix

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-126
CAPEC Description: CAPEC-126 Path Traversal


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-5607 Vulnerability Details