CVE-2023-6788

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 9, 2024
Updated: Jan 11, 2024
CWE ID 352

Summary

CVE-2024-0206 is a newly disclosed vulnerability affecting the Trellix Anti-Malware Engine. This issue permits an authenticated local user to potentially elevate their privileges by manipulating symbolic links within the engine's registry. By adding a symbolic link to files that the user normally isn't authorized to access, the user can cause the engine to follow the link and remove the targeted files during a scan. This vulnerability poses a significant risk to systems running the affected Trellix Anti-Malware Engine version prior to the January 2024 release.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share