1. Home
  2. CVE Database
  3. CVE-2023-5607
HIGH · 8.4

CVE-2023-5607

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authoris...

Vulnerability Description

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
TrellixApplication And Change Control< 8.4.0

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2023-5607?

CVE-2023-5607 is a vulnerability with a CVSS score of 8.4 (HIGH). An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authoris...

How severe is CVE-2023-5607?

CVE-2023-5607 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5607?

Check the references section above for vendor advisories and patch information. Affected products include: Trellix Application And Change Control.