First published: Mon Jul 03 2023
An OS command injection vulnerability exists in the ESM certificate API, whereby improperly neutralized special elements may have allowed an unauthorized user to inject system commands for the purpose of privilege escalation or to execute arbitrary commands.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Enterprise Security Manager | <11.6.7 | Update to 11.6.7 or later |
CVE-2023-3313 is an OS command injection vulnerability in the ESM certificate API.
CVE-2023-3313 allows an unauthorized user to inject system commands, potentially leading to privilege escalation or execution of arbitrary commands.
Trellix Enterprise Security Manager versions up to and excluding 11.6.7 are affected by CVE-2023-3313.
CVE-2023-3313 has a severity score of 7.8, indicating a high severity.
To fix CVE-2023-3313, it is recommended to update Trellix Enterprise Security Manager to version 11.6.7 or later.
More information about CVE-2023-3313 can be found at: https://kcm.trellix.com/corporate/index?page=content&id=SB10403