CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10391	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:trellix:agent:*:*:*:*:windows:*:*:*

History

07 Nov 2023, 03:51

Type	Values Removed	Values Added
Summary	An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.	An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.

Information

Published : 2022-11-30 09:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-3859

Mitre link : CVE-2022-3859

CVE.ORG link : CVE-2022-3859

JSON object : View

Products Affected

trellix

agent

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2022-3859", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2022-11-30T09:15:08.977", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391", "tags": ["Patch", "Vendor Advisory"], "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de Ruta de B\u00fasqueda No Controlada en Trellix Agent (TA) para Windows en versiones anteriores a la 5.7.8. Esto permite que un atacante con acceso de administrador, que debe colocar la DLL en la carpeta restringida del Sistema de Windows, eleve sus privilegios a System colocando una DLL maliciosa all\u00ed."}], "lastModified": "2023-11-07T03:51:53.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:windows:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8FEE16-0E7F-4017-B9DC-9791D53191A1", "versionEndExcluding": "5.7.8"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}