CVE-2023-5607 - Vulnerability Details - OpenCVE

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00515.

Key SSVC decision points have not yet been added.

Vendors	Products
Trellix	Application And Change Control

Configuration 1 [-]

cpe:2.3:a:trellix:application_and_change_control:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-57900	An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

Fixes

Solution

Customers on TACC 8.3.8.x and earlier should update their ePO extension to 8.4.0.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kcm.trellix.com/corporate/index?page=content&id=SB10411

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-11-27T10:36:51.928Z

Updated: 2024-08-02T08:07:32.355Z

Reserved: 2023-10-17T07:45:00.950Z

Link: CVE-2023-5607

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-27T11:15:08.133

Modified: 2024-11-21T08:42:06.837

Link: CVE-2023-5607

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5607", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-10-17T07:45:00.950Z", "datePublished": "2023-11-27T10:36:51.928Z", "dateUpdated": "2024-08-02T08:07:32.355Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Trellix Application and Change Control (TACC)", "vendor": "Trellix", "versions": [{"status": "affected", "version": "Prior to version 8.4.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. </span>\n\n"}], "value": "\nAn improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. \n\n"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper limitation of a path name to a restricted directory (path traversal)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-11-27T10:46:46.626Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers on TACC 8.3.8.x and earlier should update their ePO extension to 8.4.0. </span>\n\n<br>"}], "value": "\nCustomers on TACC 8.3.8.x and earlier should update their ePO extension to 8.4.0. \n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.355Z"}, "title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:application_and_change_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6635B7C-5692-4A03-BB70-1D48EF826D93", "versionEndExcluding": "8.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. \n\n"}, {"lang": "es", "value": "Una limitaci\u00f3n inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido (path traversal) en la extensi\u00f3n TACC ePO, para servidores de ePO locales, antes de la versi\u00f3n 8.4.0 podr\u00eda llevar a que un atacante administrador autorizado ejecute c\u00f3digo arbitrario mediante la carga de un archivo especialmente manipulado. Archivo de reputaci\u00f3n GTI. El atacante necesitar\u00eda los privilegios adecuados para acceder a la secci\u00f3n correspondiente de la interfaz de usuario. La l\u00f3gica de importaci\u00f3n se ha actualizado para restringir los tipos de archivos y el contenido."}], "id": "CVE-2023-5607", "lastModified": "2024-11-21T08:42:06.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-27T11:15:08.133", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10411"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}]}