CVE-2023-3665 MEDIUM

CVE-2023-3665

Vendor Trellix
Product Trellix Endpoint Security
Weakness CWE-74
Published October 4, 2023
Last update September 19, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

Key dates

02Disclosure timeline

October 4, 2023 CVE published
September 19, 2024 Record updated