First published: Wed Jun 07 2023(Updated: )
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Agent | <5.7.9 | |
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this command Injection Vulnerability is CVE-2023-0976.
The affected software for this vulnerability is Trellix Agent for mac-OS prior to version 5.7.9.
The severity of CVE-2023-0976 is high with a CVSS score of 7.8.
This vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder.
To fix this vulnerability, update TA for mac-OS to version 5.7.9 or later.