Trellix ENS 10.7.0 April 2023 Release and Earlier Code Injection Vulnerability

Trellix ENS 10.7.0 April 2023 Release and Earlier Code Injection Vulnerability

CVE-2023-3665 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

Learn more about our User Device Pen Test.