CVE-2024-5671

Severity: Critical (RCE)
Published: 14 June 2024
Modified: 15 April 2026
KEV Added: not listed
Patch: vendor advisory available
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0567 (90.6th percentile)
Risk Priority: 23 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-5671 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Trellix IPS Manager (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 9.4% of CVEs by exploit likelihood (EPSS 0.0567, 90.6th percentile); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-5671 is an insecure deserialization vulnerability, tracked as CWE-502, that affects certain workflows in the Trellix IPS Manager. The flaw received a CVSS 3.1 score of 9.8 and was published on 2024-06-14.

Unauthenticated remote attackers can exploit the issue over the network with low attack complexity to execute arbitrary code and obtain full access to the vulnerable Trellix IPS Manager instance.

Mitigation guidance is provided in the vendor advisory located at https://thrive.trellix.com/s/article/000013623.

The associated EPSS score has remained flat at 0.0567 with no material increase since disclosure.

Vulnerability details

Insecure deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to execute arbitrary code and gain access to the vulnerable Trellix IPS Manager.

CWE(s): CWE-502 (Deserialization of Untrusted Data)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Trellix
Product: IPS Manager
Note: inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Each control addresses CWE-502.

- Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions. (addresses: CWE-502)

- Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process addresses. (addresses: CWE-502)

- Untrusted serialized data can be deserialized and observed inside a sandbox, containing gadget-chain exploitation so it cannot reach the host outside the sandbox. (addresses: CWE-502)

- Validates or rejects untrusted serialized data before deserialization occurs. (addresses: CWE-502)

- Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries. (addresses: CWE-502)

- Integrity verification of serialized information can detect tampering before deserialization occurs. (addresses: CWE-502)

- Provenance of associated data allows detection of untrusted sources before deserialization or processing occurs. (addresses: CWE-502)
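The "validate or reject before deserialization" and "integrity verification" controls above can be combined in one pattern: authenticate the serialized blob with an HMAC, then deserialize it through an allowlist-restricted loader. The example below is added here for illustration and is not code from Trellix or from this tracker; it uses Python's pickle as a stand-in format (the IPS Manager's actual serialization format is not described on this page), and the key and sample payloads are constructed placeholders.

```python
import collections
import decimal
import hashlib
import hmac
import io
import pickle

# Constructed demo key; a real deployment loads it from a secrets store.
SECRET_KEY = b"demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size

# Only these (module, name) globals may be resolved during deserialization.
ALLOWED_GLOBALS = {("decimal", "Decimal")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any global that is not on the explicit allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def sign(payload: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Prefix the serialized payload with an HMAC-SHA256 tag."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def verify_and_load(blob: bytes, key: bytes = SECRET_KEY):
    """Check integrity first; only an authentic payload is ever parsed."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to carry an integrity tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise ValueError("integrity check failed")
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def load_status(blob: bytes, key: bytes = SECRET_KEY):
    """Classify the outcome so callers can log and alert on rejections."""
    try:
        return "ok", verify_and_load(blob, key)
    except ValueError as exc:
        return "integrity", str(exc)
    except pickle.UnpicklingError as exc:
        return "forbidden", str(exc)


def demo_blobs(key: bytes = SECRET_KEY):
    """Constructed samples: authentic config, a tampered copy, and an
    authentic payload that references a global outside the allowlist."""
    cfg = {"policy": "ips-default", "threshold": decimal.Decimal("1.5")}
    good = sign(pickle.dumps(cfg), key)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    forbidden = sign(pickle.dumps(collections.OrderedDict(a=1)), key)
    return {"good": good, "tampered": tampered, "forbidden": forbidden}
```

The order matters: the HMAC rejects tampered or unsigned input before any parsing happens, and the allowlist limits what an authentic but unexpected payload can instantiate.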