CVE-2023-3665

A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code.

Published: Oct 4, 2023
Updated: Oct 11, 2023
CVE: CVE-2023-3665
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
trellix / endpoint_security	-	10.7.0.x

https://kcm.trellix.com/corporate/index?page=content&id=SB10405

Vulnerability Database

289,697

CVE-2023-3665