- 185/2024
- Critical
Trellix has released a security update to fix multiple vulnerabilities across Trellix Intrusion Prevention System.
The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system.
The addressed vulnerabilities:
1. Trellix Intrusion Prevention System Manager Code Execution Vulnerability (CVE-2024-5671):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Trellix Intrusion Prevention System Manager Information Disclosure Vulnerability (CVE-2024-5731):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
- CVE-2024-5731
- CVE-2024-5671
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.