Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 79391d0, commit c67c240
Showing 10 changed files with 130 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-0221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0221) | ||
![](https://img.shields.io/static/v1?label=Product&message=Application%20and%20Change%20Control&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%208.x%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20%E2%80%93%20Improper%20Privilege%20Management&color=brighgreen) | ||
|
||
### Description | ||
|
||
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kcm.trellix.com/corporate/index?page=content&id=SB10370 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
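Review bot: The Version badge near the top of this entry decodes to `= 8.x`, but the Description limits the issue to "ACC prior to version 8.3.4", so the badge marks every 8.x release as affected, including the fixed one. Suggest rendering the range as `< 8.3.4`. The `color=brighgreen` parameter on the Version and Vulnerability badges also looks like a misspelling of `brightgreen`.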
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-0400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0400) | ||
![](https://img.shields.io/static/v1?label=Product&message=Data%20Loss%20Prevention%20(DLP)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.9.100%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-670%20Always-Incorrect%20Control%20Flow%20Implementation&color=brighgreen) | ||
|
||
### Description | ||
|
||
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
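Review bot: In the Description, "Loading from a local driver was correctly prevented" follows a sentence about uploads from a "mapped drive", so "driver" reads as a typo for "drive"; check it against the referenced bulletin (SB10394) and correct it if the source agrees. The Version badge also pins `= 11.9.100` while the text says 11.9.x, so one of the two should be adjusted to match.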
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-0975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0975) | ||
![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Agent&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=5.7.8%3C%3D%205.7.8%20%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-281%20Improper%20Preservation%20of%20Permissions&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kcm.trellix.com/corporate/index?page=content&id=SB10396 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
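Review bot: The Version badge message decodes to `5.7.8<= 5.7.8` followed by two trailing spaces, which puts the same value on both sides of the operator and does not express the "version 5.7.8 and earlier" range given in the Description. Suggest emitting `<= 5.7.8` and trimming the trailing `%20%20` before the badge URL is built.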
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-0977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0977) | ||
![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Agent&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=5.7.8%3C%3D%205.7.8%20%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) | ||
|
||
### Description | ||
|
||
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kcm.trellix.com/corporate/index?page=content&id=SB10396 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
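Review bot: The Vulnerability badge URL carries the raw characters `('Classic%20Buffer%20Overflow')` inside the Markdown image destination. Balanced parentheses are accepted by CommonMark but not by every renderer, so percent-encode them (`%28`, `%27`, `%29`) along with the spaces that are already encoded. The Description is also worth a second look: it covers "Windows and Linux", yet the Product badge says only `Trellix Agent`, so a reader filtering by badge cannot tell which platforms are in scope.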
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-0978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0978) | ||
![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Intelligent%20Sandbox&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%205.0%3C%3D%20%205.2%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) | ||
|
||
### Description | ||
|
||
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://kcm.trellix.com/corporate/index?page=content&id=SB10397 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
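Review bot: The Description line is cut off mid-sentence at "The vulnerability allows the attack", so the impact statement never reaches the reader. Either import the full text from the CVE record or raise the length limit in whatever generates these entries; if truncation is intentional, end on a sentence boundary and mark it. The preceding sentence also reads "passed to specific CLI command", which is missing an article.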
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-22620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22620) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
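Review bot: All three badges are `n/a`, although the Description names the product (SecurePoint UTM), the fixed version (12.2.5.1) and the weakness (sessionid disclosure at /spcgi.cgi leading to an authentication bypass). Anyone searching the collection by product or version badge will miss this entry, so populate the badges from the Description or document that `n/a` means the upstream record lacked structured fields.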
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-30459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30459) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default). | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://smartptt.com | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
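Review bot: The only entry under Reference is `https://smartptt.com`, the vendor's home page, which gives a reader no advisory, fix version or detail for this CVE even though it is listed under the POC heading. Link the specific advisory or write-up if one exists, otherwise leave the list empty so the entry does not imply a reference it lacks. The Product and Version badges are also `n/a` while the Description states SmartPTT SCADA 1.1.0.0.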