Detections
Analytics
Trellix Enterprise Security Manager < 11.6.8 SSRF
medium Nessus Plugin ID 186467
Language:
Synopsis
An application running on a remote web server host is affected by a server-side request forgery vulnerability.Description
The version of Trellix Enterprise Security Manager running on the remote web server is prior to 11.6.8. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability. Due to a flaw in the certificate validation functionality, a remote, authenticated attacker can upload arbitrary content, potentially altering configuration.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Trellix Enterprise Security Manager 11.6.8 or later.See Also
https://kcm.trellix.com/corporate/index?page=content&id=SB10413
Plugin Details
Severity: Medium
ID: 186467
File Name: trellix_enterprise_security_manager_11_6_8.nasl
Version: 1.2
Type: remote
Family: CGI abuses
Published: 11/30/2023
Updated: 12/1/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2023-6670
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: x-cpe:/a:trellix:enterprise_security_manager, cpe:/a:mcafee:enterprise_security_manager
Required KB Items: installed_sw/Trellix Enterprise Security Manager
Exploit Ease: No known exploits are available
Patch Publication Date: 8/22/2023
Vulnerability Publication Date: 11/29/2023
Reference Information
CVE: CVE-2023-6670
IAVB: 2023-B-0094