CVE-2024-0206 — HIGH (7.1) — White Hats Nepal

Vulnerability Description

A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Trellix	Anti-Malware Engine	6600
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-59

References

https://kcm.trellix.com/corporate/index?page=content&id=SB10415Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10415Vendor Advisory

FAQ

What is CVE-2024-0206?

CVE-2024-0206 is a vulnerability with a CVSS score of 7.1 (HIGH). A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This wa...

How severe is CVE-2024-0206?

CVE-2024-0206 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-0206?

Check the references section above for vendor advisories and patch information. Affected products include: Trellix Anti-Malware Engine, Microsoft Windows.