First published: Thu Nov 30 2023
An improper neutralization of special elements used in a command (command injection) vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible because the input is not correctly sanitized when adding a new data source.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Enterprise Security Manager | <11.6.9 |
To remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.
CVE-2023-6071 is a vulnerability that allows a remote administrator to execute arbitrary code as root on the ESM.
CVE-2023-6071 is caused by improper neutralization of special elements used in a command in ESM prior to version 11.6.9.
CVE-2023-6071 has a severity rating of 8.4 (high).
To fix CVE-2023-6071, update your Trellix Enterprise Security Manager (ESM) to version 11.6.9 or later.
You can find more information about CVE-2023-6071 at the following link: https://kcm.trellix.com/corporate/index?page=content&id=SB10413