CVE-2023-0978
Published: 13 March 2023
Summary
CVE-2023-0978 is a medium-severity Command Injection (CWE-77) vulnerability in Trellix Intelligent Sandbox. Its CVSS base score is 6.4 (Medium).
Operationally, it is ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12963
Vulnerability details
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.