CVE-2022-3859 MEDIUM

Vendor: Trellix
Product: Trellix Agent
Published: November 30, 2022
Last update: April 23, 2025

CVSS base score

6.7/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. An attacker with admin access can elevate their privileges to System by placing a malicious DLL in the restricted Windows System folder. Admin access is required to place the DLL in that folder.

Key dates

02 Disclosure timeline

November 30, 2022: CVE published
April 23, 2025: Record updated