Trellix Security Update – 28 November 2023

Trellix has released a security update that fixes a vulnerability in the Trellix Application and Change Control ePO extension, affecting version 8.3.8.x and earlier.

The addressed vulnerability could allow a remote attacker to access the “Inventory” section of the ePO extension and upload a specially crafted GTI reputation file. The flaw applies only to on-premises ePO servers. It is caused by an error in the upload parsing logic, which accepts a zip archive whose member paths contain path traversal sequences; extracting such an archive writes files outside the intended directory and can lead to remote code execution on the ePO server.
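The zip path-traversal defect described above belongs to the familiar archive-extraction class in which member names such as `../../x` escape the destination directory. As an added example (not Trellix's code), the following Python check rejects an uploaded archive before extraction if any member would resolve outside the intended directory; the archive contents and the destination path `/tmp/gti_upload` are constructed for this illustration.

```python
import io
import os
import posixpath
import zipfile
from typing import List


def unsafe_entries(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Return the archive member names that would land outside dest_dir.

    A member is rejected if its path is absolute (POSIX, Windows drive or
    UNC form) or if, once joined onto dest_dir and normalized, it resolves
    outside that directory (e.g. "../../outside.txt").
    """
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Archives built on Windows may use backslash separators.
            normalized = name.replace("\\", "/")
            drive_abs = len(normalized) > 1 and normalized[1] == ":"
            if posixpath.isabs(normalized) or drive_abs:
                bad.append(name)
                continue
            target = os.path.realpath(os.path.join(root, *normalized.split("/")))
            if target != root and not target.startswith(root + os.sep):
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest_dir: str) -> List[str]:
    """Fail closed: extract nothing if any member would escape dest_dir."""
    bad = unsafe_entries(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"rejected archive, unsafe member paths: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample_zip() -> bytes:
    """Constructed sample upload: one benign member and two traversal members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reputation/entries.json", "{}")
        zf.writestr("../../outside.txt", "x")    # relative escape
        zf.writestr("..\\..\\outside.dll", "x")  # backslash variant
    return buf.getvalue()
```

Python's own `extractall` strips `..` components, but many other extractors and hand-written parsers do not, which is why the member paths are validated and the whole upload rejected before anything is written.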

Trellix Application and Change Control Code Execution (CVE-2023-5607):

  • CVSS: 8.4
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Consequences: Gain Access

It should be highlighted that Trellix recommends that the ePO server interface not be exposed to the internet, with access allowed only from trusted networks. The risk of exploitation can be further reduced by limiting access to the ePO interface through network access controls, restricting the number of users, and granting each user only the level of access required for their tasks.

Vulnerabilities

CVE-2023-5607

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Trellix Security advisory