CVE-2023-6071 - Vulnerability Details - OpenCVE

Description

An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.

Published: 2023-11-30

Score: 8.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trellix

ESM

unaffected

Version	Status	Constraints
`Prior to version 11.6.9`	affected	—

Configuration 1 [-]

cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

To remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58327	An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00639.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://kcm.trellix.com/corporate/index?page=content&id=SB10413

History

Tue, 15 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Trellix Enterprise Security Manager

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-11-30T12:48:51.618Z

Updated: 2024-10-15T17:41:47.096Z

Reserved: 2023-11-10T05:17:18.636Z

Link: CVE-2023-6071

Vulnrichment

Updated: 2024-08-02T08:21:17.247Z

NVD

Status : Modified

Published: 2023-11-30T13:15:10.293

Modified: 2024-11-21T08:43:05.170

Link: CVE-2023-6071

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-77

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6071", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-11-10T05:17:18.636Z", "datePublished": "2023-11-30T12:48:51.618Z", "dateUpdated": "2024-10-15T17:41:47.096Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ESM", "vendor": "Trellix", "versions": [{"status": "affected", "version": "Prior to version 11.6.9"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.</span>\n\n"}], "value": "\nAn Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.\n\n"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-11-30T12:48:51.618Z"}, "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">To remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.</span>\n\n<br>"}], "value": "\nTo remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.247Z"}, "title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:15:09.938877Z", "id": "CVE-2023-6071", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T17:41:47.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.247Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6071", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T17:15:09.938877Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T17:41:40.503Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trellix", "product": "ESM", "versions": [{"status": "affected", "version": "Prior to version 11.6.9"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nTo remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">To remediate this issue, customers on ESM 11.6.x should update to version 11.6.9.</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nAn Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-11-30T12:48:51.618Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6071", "state": "PUBLISHED", "dateUpdated": "2024-10-15T17:41:47.096Z", "dateReserved": "2023-11-10T05:17:18.636Z", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "datePublished": "2023-11-30T12:48:51.618Z", "assignerShortName": "trellix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trellix:enterprise_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E043283A-6EF4-404B-8A1D-981AD62A3BB5", "versionEndExcluding": "11.6.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source.\n\n"}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando en ESM anterior a la versi\u00f3n 11.6.9 permite a un administrador remoto ejecutar c\u00f3digo arbitrario como root en ESM. Esto es posible porque la entrada no se sanitiza correctamente al agregar una nueva fuente de datos."}], "id": "CVE-2023-6071", "lastModified": "2024-11-21T08:43:05.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-30T13:15:10.293", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10413"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}