An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.
References
Link | Resource |
---|---|
https://kcm.trellix.com/corporate/index?page=content&id=SB10411 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trellix
Published: 2023-11-27T10:36:51.928Z
Updated: 2023-11-27T10:46:46.626Z
Reserved: 2023-10-17T07:45:00.950Z
Link: CVE-2023-5607
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-27T11:15:08.133
Modified: 2023-12-01T19:09:32.730
Link: CVE-2023-5607
JSON object: View
Redhat Information
No data.
CWE