First published: Wed Nov 30 2022(Updated: )
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Agent | <5.7.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-3859 is an uncontrolled search path vulnerability that exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8.
The vulnerability allows an attacker with admin access to elevate their privileges to System by placing a malicious DLL in the restricted Windows System folder.
To exploit CVE-2022-3859, an attacker would need administrative access to the system and place a malicious DLL in the restricted Windows System folder.
The severity of CVE-2022-3859 is medium, with a severity value of 6.7.
To fix CVE-2022-3859, upgrade Trellix Agent (TA) for Windows to version 5.7.8 or later.