CVE-2023-0978 MEDIUM

CVE-2023-0978

Vendor Trellix
Product Trellix Intelligent Sandbox
Weakness CWE-77
Published March 13, 2023
Last update February 27, 2025

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack

Key dates

02Disclosure timeline

March 13, 2023 CVE published
February 27, 2025 Record updated