Trellix ESM Flaw

According to recent reports, two serious vulnerabilities have been found in the Trellix SIEM. These vulnerabilities could allow malicious actors to execute unauthorized commands within the Trellix Enterprise Security Manager (ESM).

This poses a considerable risk to the security of the system and should be addressed promptly to prevent any potential breaches.


Trellix has published CVEs and released patches to fix these vulnerabilities.

CVE(s):

CVE-2023-3313: OS Command Injection in ESM Certificate API

This vulnerability exists due to incorrect neutralization of special elements, which leads to command injection and allows an attacker to escalate privileges or execute arbitrary commands in the Enterprise Security Manager.

The CVSS Score of this vulnerability is given as 7.8 (high).

CVE-2023-3314: Incomplete Neutralisation leading to Arbitrary command execution

This vulnerability exists because processing of a .zip file is not sanitized and external commands that control process execution of the .zip application are incompletely neutralized, leading to privilege escalation or arbitrary command execution for an authorized user.

The CVSS score of this vulnerability is given as 8.1 (high).

Trellix also credited two security researchers, Andre Waldhoff (condignum GmbH) and Johannes Bär (condignum GmbH), for discovering and reporting these flaws.

Affected Products

Below is the list of products affected by these vulnerabilities and the patched version:

Affected Products | Fixed in Version
SIEM Enterprise Security Manager 11.6.x | Upgrade to 11.6.7 (June 2023 release)
SIEM Enterprise Security Manager 11.5.x |
SIEM Enterprise Security Manager 11.4.x |
SIEM Enterprise Security Manager 11.3.x (EOL) |

Users of these products are advised to upgrade to the latest version to patch these vulnerabilities.

Trellix is a computer security company that has more than 40,000 customers, including nearly 80% of the Fortune 500 companies.

The company has a net worth of nearly $3.24 billion and has a revenue of $940 million as of 2020 with nearly 3500 employees worldwide.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.