CVE-2022-3859 - OpenCVE

An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trellix	Agent

Configuration 1 [-]

cpe:2.3:a:trellix:agent:*:*:*:*:windows:*:*:*

No data.

References

Link	Providers
https://kcm.trellix.com/corporate/index?page=content&id=SB10391

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2022-11-30T08:29:29.242Z

Updated: 2024-08-03T01:20:58.790Z

Reserved: 2022-11-04T09:51:23.470Z

Link: CVE-2022-3859

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-30T09:15:08.977

Modified: 2023-11-07T03:51:53.760

Link: CVE-2022-3859

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3859", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "requesterUserId": "069ee6c4-a2f4-4306-bdf3-1ad7d93fe7cf", "dateReserved": "2022-11-04T09:51:23.470Z", "datePublished": "2022-11-30T08:29:29.242Z", "dateUpdated": "2024-08-03T01:20:58.790Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Trellix Agent", "vendor": "Trellix", "versions": [{"lessThanOrEqual": "5.7.8", "status": "affected", "version": "5.x", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.</span><br>"}], "value": "An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.\n"}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234: Hijacking a privileged process"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "CWE- 427: Uncontrolled Search Path Element", "lang": "en"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2022-11-30T08:29:29.242Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.790Z"}, "title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:windows:*:*:*", "matchCriteriaId": "0F8FEE16-0E7F-4017-B9DC-9791D53191A1", "versionEndExcluding": "5.7.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de Ruta de B\u00fasqueda No Controlada en Trellix Agent (TA) para Windows en versiones anteriores a la 5.7.8. Esto permite que un atacante con acceso de administrador, que debe colocar la DLL en la carpeta restringida del Sistema de Windows, eleve sus privilegios a System colocando una DLL maliciosa all\u00ed."}], "id": "CVE-2022-3859", "lastModified": "2023-11-07T03:51:53.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}, "published": "2022-11-30T09:15:08.977", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}