← back
CVE-2022-3859

CVE-2022-3859

CVSS 6.7 MEDIUMEPSS 0.2%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Trellix · Trellix Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kcm.trellix.com/corporate/index?page=content&id=SB10391