CVE-2022-3859: An uncontrolled search path vulnerability exists in versions of Trellix Agent prior to 5.7.8. An attacker can exploit this vulnerability to access files on the system.
An attacker can also inject a DLL other than the one the software is configured to search for. For example, an attacker may place a malicious DLL in the Users folder, which will then be accessible to all users of the system.
Unrestricted search paths can be a problem for any software that uses DLLs, including Trellix Agent (TA) for Windows. This problem is even more concerning in a system where an attacker has admin rights and can place malicious DLLs anywhere on the system.
Trellix cannot confirm whether the vulnerability has been exploited. It is therefore recommended to upgrade to version 5.7.8 or higher, where this issue has been patched.
How to check if your Trellix Agent version is vulnerable
Trellix Agent version 5.7.8 and higher is not vulnerable to this issue, so there is no need for an automatic upgrade.
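One way to apply this check across a fleet, as an added example that is not part of the original advisory or any Trellix tooling: it sorts an exported host inventory into vulnerable, patched and unknown, comparing version fields numerically so that 5.10.0 is not mistaken for being older than 5.7.8. The CSV layout, column names, hostnames and version strings are constructed assumptions.

```python
import csv
import io
import re

FIXED = (5, 7, 8)  # first patched Trellix Agent release named on this page

# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """host,agent_version
ws-001,5.7.7.378
ws-002,5.7.8
ws-003,5.10.0.12
ws-004,5.6.6
srv-01,5.7.8.262
srv-02,unknown
srv-03,
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    text = (text or "").strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version):
    """True if version < 5.7.8, compared numerically on major.minor.patch."""
    padded = (version + (0, 0, 0))[:3]  # "5.7" is treated as 5.7.0
    return padded < FIXED


def triage(inventory_csv):
    """Sort hosts into vulnerable / patched / unknown buckets."""
    buckets = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("agent_version"))
        if version is None:
            buckets["unknown"].append(row["host"])  # needs manual follow-up
        elif is_vulnerable(version):
            buckets["vulnerable"].append(row["host"])
        else:
            buckets["patched"].append(row["host"])
    return buckets


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket reported no parseable version and should be checked by hand rather than assumed patched.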
What are the solutions to this flaw?
The Microsoft Security Response Center has released a statement, which states: "We are not aware of any exploits to this vulnerability in the wild."
The solution is to upgrade to version 5.7.8 or higher where this issue has been patched.
Timeline
Published on: 11/30/2022 09:15:00 UTC
Last modified on: 12/02/2022 13:53:00 UTC