CVE-2023-6788
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-0206 is a newly disclosed vulnerability affecting the Trellix Anti-Malware Engine. This issue permits an authenticated local user to potentially elevate their privileges by manipulating symbolic links within the engine's registry. By adding a symbolic link to files that the user normally isn't authorized to access, the user can cause the engine to follow the link and remove the targeted files during a scan. This vulnerability poses a significant risk to systems running the affected Trellix Anti-Malware Engine version prior to the January 2024 release.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.