Trellix Enterprise Security Manager Patches Critical Flaws, Including CVE-2024-11482 (CVSS 9.8)
Trellix has released an update to its Enterprise Security Manager (ESM) addressing two critical vulnerabilities that could allow unauthorized access and remote code execution. These vulnerabilities, identified as CVE-2024-11481 (CVSS score 8.2) and CVE-2024-11482 (CVSS score 9.8), affect ESM version 11.6.10.
Vulnerability Details:
CVE-2024-11481: This vulnerability allows unauthenticated attackers to access the internal Snowservice API. This is due to a combination of factors, including improper handling of path traversal, insecure forwarding to an AJP backend, and a lack of authentication for internal API endpoints. Successful exploitation could allow attackers to retrieve sensitive information or disrupt service.
CVE-2024-11482: This critical vulnerability also allows unauthenticated access to the internal Snowservice API, but with more severe consequences. Attackers can exploit this flaw to inject and execute arbitrary commands as the root user, potentially leading to complete system compromise.
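The root cause described above for CVE-2024-11481 is a chain: a traversal sequence survives into the path that is forwarded to the backend, and the backend's internal endpoints trust that the front end already authenticated the caller. The following is an added, illustrative example (not Trellix code, and the `/internal/` prefix and function names are hypothetical) of the front-end check a gateway should perform: fully decode and canonicalize the path, refuse any request that used `..` at all, and apply the authentication requirement to the canonical path, which is also the only form that is forwarded. A naive prefix check on the raw path is shown beside it to make the gap visible.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical namespace that must never be reachable without authentication.
INTERNAL_PREFIX = "/internal/"


def fully_decode(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded to avoid decode loops),
    so double-encoded sequences such as %252e%252e are seen as '..'."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def canonicalize(raw_path: str) -> str:
    """Canonical absolute path: decoded, then '.' and '..' segments collapsed."""
    decoded = fully_decode(raw_path)
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    return posixpath.normpath(decoded)


def naive_allows(raw_path: str) -> bool:
    """The weak pattern: an authentication gate keyed on the raw, undecoded path.
    '/public/../internal/x' passes because the raw string does not start with '/internal/'."""
    return not raw_path.startswith(INTERNAL_PREFIX)


def classify(raw_path: str, authenticated: bool) -> str:
    """Gateway decision: 'forward', 'deny_traversal' or 'deny_unauthenticated'.
    Traversal is rejected outright rather than normalized away, and the
    authentication rule is evaluated on the same canonical path the backend would receive."""
    decoded = fully_decode(raw_path)
    if any(segment == ".." for segment in decoded.split("/")):
        return "deny_traversal"
    canonical = canonicalize(raw_path)
    if canonical.startswith(INTERNAL_PREFIX) and not authenticated:
        return "deny_unauthenticated"
    return "forward"
```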
Impact and Mitigation:
Organizations using Trellix ESM version 11.6.10 are strongly urged to update to version 11.6.13 immediately. These vulnerabilities pose a significant risk to the confidentiality, integrity, and availability of sensitive data and systems.
Trellix’s Response:
Trellix has acknowledged these vulnerabilities and released a patch in ESM version 11.6.13. The company is urging all users to update their systems as soon as possible to mitigate the risk of exploitation.