CVE-2023-3438 MEDIUM

CVE-2023-3438

Vendor Trellix
Product Trellix Move
Weakness CWE-428
Published July 3, 2023
Last update October 25, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.

Key dates

02Disclosure timeline

July 3, 2023 CVE published
October 25, 2024 Record updated