CVE-2023-5607 - OpenCVE

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Trellix	Application And Change Control

Configuration 1 [-]

cpe:2.3:a:trellix:application_and_change_control:*:*:*:*:*:*:*:*

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10411	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trellix

Published: 2023-11-27T10:36:51.928Z

Updated: 2023-11-27T10:46:46.626Z

Reserved: 2023-10-17T07:45:00.950Z

Link: CVE-2023-5607

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-27T11:15:08.133

Modified: 2023-12-01T19:09:32.730

Link: CVE-2023-5607

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-5607", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-10-17T07:45:00.950Z", "datePublished": "2023-11-27T10:36:51.928Z", "dateUpdated": "2023-11-27T10:46:46.626Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Trellix Application and Change Control (TACC)", "vendor": "Trellix", "versions": [{"status": "affected", "version": "Prior to version 8.4.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. </span>\n\n"}], "value": "\nAn improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. \n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper limitation of a path name to a restricted directory (path traversal)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-11-27T10:46:46.626Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers on TACC 8.3.8.x and earlier should update their ePO extension to 8.4.0. </span>\n\n<br>"}], "value": "\nCustomers on TACC 8.3.8.x and earlier should update their ePO extension to 8.4.0. \n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:application_and_change_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6635B7C-5692-4A03-BB70-1D48EF826D93", "versionEndExcluding": "8.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. \n\n"}, {"lang": "es", "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (path traversal) en la extensi\u00f3n TACC ePO, para servidores de ePO locales, antes de la versi\u00f3n 8.4.0 podr\u00eda llevar a que un atacante administrador autorizado ejecute c\u00f3digo arbitrario mediante la carga de un archivo especialmente manipulado. Archivo de reputaci\u00f3n GTI. El atacante necesitar\u00eda los privilegios adecuados para acceder a la secci\u00f3n correspondiente de la interfaz de usuario. La l\u00f3gica de importaci\u00f3n se ha actualizado para restringir los tipos de archivos y el contenido."}], "id": "CVE-2023-5607", "lastModified": "2023-12-01T19:09:32.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2023-11-27T11:15:08.133", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "trellixpsirt@trellix.com", "type": "Primary"}]}