CVE-2024-5671 CRITICAL

CVE-2024-5671

Vendor Trellix

Product Intrusion Prevention System (IPS) Manager

Weakness CWE-502 · Unsafe deserialization

Published June 14, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.

Key dates

02Disclosure timeline

June 14, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5671 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2024-5671

CWE CWE-502

CVSS 9.8 / CRITICAL

Affected versions