Uncontrolled Search Path Vulnerability in Trellix Agent for Windows

Uncontrolled Search Path Vulnerability in Trellix Agent for Windows

CVE-2022-3859 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.

Learn more about our Web Application Penetration Testing UK.