Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this runs with high privileges, the attacker gains elevated permissions. The file handles are opened as read-only.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
特权管理不恰当
Vulnerability Title
Trellix GetSusp 安全漏洞
Vulnerability Description
Trellix GetSusp是美国火眼(Trellix)公司的一款启发式恶意软件检测程序。 Trellix GetSusp 5.0.0.27之前版本存在安全漏洞,该漏洞源于存在权限管理不当漏洞。本地低权限攻击者可利用该漏洞访问更高权限级别的文件。
CVSS Information
N/A
Vulnerability Type
N/A