CVE-2023-3665 - OpenCVE

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Trellix	Endpoint Security

Configuration 1 [-]

cpe:2.3:a:trellix:endpoint_security:*:*:*:*:*:*:*:*

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10405	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2023-10-04T14:32:52.925Z

Updated: 2023-10-04T14:32:52.925Z

Reserved: 2023-07-13T14:30:54.711Z

Link: CVE-2023-3665

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-04T15:15:12.360

Modified: 2023-10-10T19:11:44.630

Link: CVE-2023-3665

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3665", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-07-13T14:30:54.711Z", "datePublished": "2023-10-04T14:32:52.925Z", "dateUpdated": "2023-10-04T14:32:52.925Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Trellix Endpoint Security", "vendor": "Trellix ", "versions": [{"status": "affected", "version": "10.7.0"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "De Laurentis Vito"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A code injection vulnerability in </span><strong>Trellix ENS 10.7.0 April 2023 release and earlier</strong><span style=\"background-color: rgb(255, 255, 255);\">, allowed a local user to disable the ENS AMSI component via environment variables,</span><br><span style=\"background-color: rgb(255, 255, 255);\">leading to denial of service and or the execution of arbitrary code.</span>\n\n"}], "value": "\nA code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,\nleading to denial of service and or the execution of arbitrary code.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-10-04T14:32:52.925Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10405"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C5D96D4-8748-42BA-BBFC-50D0F422FD50", "versionEndIncluding": "10.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,\nleading to denial of service and or the execution of arbitrary code.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trellix ENS 10.7.0 de abril de 2023 y versiones anteriores permiti\u00f3 a un usuario local deshabilitar el componente ENS AMSI a trav\u00e9s de variables de entorno, lo que provoc\u00f3 la denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2023-3665", "lastModified": "2023-10-10T19:11:44.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2023-10-04T15:15:12.360", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10405"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}