Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Trellix Intelligent Sandbox 命令注入漏洞
Vulnerability Description
Trellix Intelligent Sandbox是美国火眼(Trellix)公司的能够使您的组织能够检测到高级、规避的恶意软件,并将威胁信息转化为即时行动和保护的平台。 Trellix Intelligent Sandbox CLI 5.2及之前版本存在命令注入漏洞,该漏洞源于对传递给特定 CLI 命令的参数的验证不充分,允许本地用户使用特制字符串注入和执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A