First published: Wed Oct 04 2023
A code injection vulnerability in the Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Endpoint Security | <=10.7.0 | |
CVE-2023-3665 is a code injection vulnerability in the Trellix ENS 10.7.0 April 2023 release and earlier.
CVE-2023-3665 allows a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code.
CVE-2023-3665 has a severity rating of 7.8 (high).
To fix CVE-2023-3665, update Trellix ENS to a version later than the 10.7.0 April 2023 release.
More information about CVE-2023-3665 can be found at the following link: [https://kcm.trellix.com/corporate/index?page=content&id=SB10405](https://kcm.trellix.com/corporate/index?page=content&id=SB10405)