CVE-2024-4176 — MEDIUM (4.1)

Q: How severe is CVE-2024-4176?

CVE-2024-4176 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-4176?

Check the references section above for vendor advisories and patch information. Affected products include: Trellix Xconsole.

Vulnerability Description

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.

CVSS Score

4.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Trellix	Xconsole	<= 2024-05-17

Related Weaknesses (CWE)

CWE-79

References

https://thrive.trellix.com/s/article/000013455Permissions Required
https://thrive.trellix.com/s/article/000013455Permissions Required

FAQ

What is CVE-2024-4176?

CVE-2024-4176 is a vulnerability with a CVSS score of 4.1 (MEDIUM). An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor c...

How severe is CVE-2024-4176?

CVE-2024-4176 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-4176?

Check the references section above for vendor advisories and patch information. Affected products include: Trellix Xconsole.