"-Synchronized-Data."

2025-06-21 05:40:25 +00:00 · 2022-11-30 09:00:35 +00:00 · 2022-11-30 09:00:35 +00:00 · ce94c3e1c8
commit ce94c3e1c8
parent 672e5d994f
1 changed files with 73 additions and 4 deletions
--- a/2022/3xxx/CVE-2022-3859.json
+++ b/2022/3xxx/CVE-2022-3859.json
@ -1,17 +1,86 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-3859",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "trellixpsirt@trellix.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE- 427: Uncontrolled Search Path Element"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Trellix",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Trellix Agent",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "5.x",
+                                            "version_affected": "="
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391",
+                "refsource": "MISC",
+                "name": "https://kcm.trellix.com/corporate/index?page=content&id=SB10391"
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.1.0-dev"
+    },
+    "source": {
+        "discovery": "UNKNOWN"
+    },
+    "impact": {
+        "cvss": [
+            {
+                "attackComplexity": "LOW",
+                "attackVector": "LOCAL",
+                "availabilityImpact": "HIGH",
+                "baseScore": 6.7,
+                "baseSeverity": "MEDIUM",
+                "confidentialityImpact": "HIGH",
+                "integrityImpact": "HIGH",
+                "privilegesRequired": "HIGH",
+                "scope": "UNCHANGED",
+                "userInteraction": "NONE",
+                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+                "version": "3.1"
            }
        ]
    }