Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
权限预留不恰当
Vulnerability Title
Trellix Agent 安全漏洞
Vulnerability Description
Trellix Agent是美国火眼(Trellix)公司的一个客户端组件。提供 McAfee ePolicy Orchestrator(McAfee ePO)和托管产品之间的安全通信。 Trellix Agen 5.7.8及之前版本存在安全漏洞,该漏洞源于允许本地用户在安装/升级工作流程期间替换 Agent 的可执行文件,导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A