One vulnerability in Intelligent Sandbox (formerly known as Advanced Threat Defense) has been discovered and resolved.
Affected software
The vulnerability affects the following versions of Intelligent Sandbox:
- 5.2.0, and all versions prior to 5.2.0, including 4.x
Remediated/updated versions
The vulnerability is remediated with a patch, which is available from the Product Downloads site. The fix will be incorporated in the next release of Intelligent Sandbox, version 5.2.2, which is currently in development, and in all subsequent versions.
Impact
CVE-2023-0978 (CVSS: 6.7/6.0; Severity: Medium): A command injection vulnerability was found in the Trellix Intelligent Sandbox CLI in version 5.2 and all earlier versions, including version 4.x.
Recommendation
Obtain and install the patch, or the latest updates with the fix. For full instructions and information, see Knowledge Base article SB10397 - Security Bulletin – Trellix Intelligent Sandbox update fixes one vulnerability (CVE-2023-0978).