Trellix ESM Flaw Let Attackers Execute arbitrary commands

Recent reports have identified two significant vulnerabilities in Trellix SIEM, which may enable unauthorized parties to execute commands in the Trellix ESM Flaw’s Enterprise Security Manager (ESM).

This poses a considerable risk to the security of the system and should be addressed promptly to prevent any potential breaches.

Trellix has released CVEs and patches for fixing these vulnerabilities.

CVE(s):

CVE-2023-3313: OS Command Injection in ESM Certificate API

This vulnerability exists due to incorrect neutralization of special elements leading to command injection, thereby allowing the attacker to gain privilege escalation or execute arbitrary commands in the Enterprise Security Manager.

The CVSS Score of this vulnerability is given as 7.8 (high).

CVE-2023-3314: Incomplete Neutralisation leading to Arbitrary command execution

This vulnerability exists due to the failure of sanitization of processing a .zip file and incomplete neutralization of external commands that control process execution of the .zip application leading to privilege escalation or arbitrary command execution for an authorized user.

The CVSS score of this vulnerability is given as 8.1 (high).

Trellix also gave credit to two security researchers Andre Waldhoff (condignum GmbH) and Johannes Bär (condignum GmbH) for discovering these flaws and reporting them.

Affected Products

Below is the list of products affected due to these vulnerabilities and the patched version

Users of these products are recommended to upgrade to the latest version to patch these vulnerabilities. 

Trellix is a computer security company that has more than 40,000 customers, including nearly 80% of the Fortune 500 companies.

The company has a net worth of nearly $3.24 billion and has a revenue of $940 million as of 2020 with nearly 3500 employees worldwide.

Source: https://cybersecuritynews.com/trellix-esm-flaw/