VYPR

Agent

by Trellix

CVEs (3)

  • CVE-2023-0975HigApr 3, 2023
    risk 0.53cvss 8.2epss 0.00

    A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.

  • CVE-2023-0977MedApr 3, 2023
    risk 0.44cvss 6.7epss 0.01

    A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

  • CVE-2022-3859MedNov 30, 2022
    risk 0.44cvss 6.7epss 0.00

    An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing…