CVE-2022-3340

XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://kcm.trellix.com/corporate/index?page=content&id=SB10388	Patch Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10388	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:trellix:intrusion_prevention_system_manager::::::::
	cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:-::::::
	cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:minor8::::::

History

21 Nov 2024, 07:19

Type	Values Removed	Values Added
References	~~() https://kcm.trellix.com/corporate/index?page=content&id=SB10388 - Patch, Vendor Advisory~~	() https://kcm.trellix.com/corporate/index?page=content&id=SB10388 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.2~~	v2 : unknown v3 : 5.9

08 Nov 2022, 16:14

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
CWE		CWE-611
References	~~(CONFIRM) https://kcm.trellix.com/corporate/index?page=content&id=SB10388 -~~	(CONFIRM) https://kcm.trellix.com/corporate/index?page=content&id=SB10388 - Patch, Vendor Advisory
CPE		cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:-:::::: cpe:2.3:a:trellix:intrusion_prevention_system_manager:::::::: cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:minor8::::::

04 Nov 2022, 12:42

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-04 12:15

Updated : 2024-11-21 07:19

NVD link : CVE-2022-3340

Mitre link : CVE-2022-3340

CVE.ORG link : CVE-2022-3340

JSON object : View

Products Affected

trellix

intrusion_prevention_system_manager

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2022-3340", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-11-04T12:15:15.377", "references": [{"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10388", "tags": ["Patch", "Vendor Advisory"], "source": "trellixpsirt@trellix.com"}, {"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10388", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported."}, {"lang": "es", "value": "La vulnerabilidad de entidad externa XML (XXE) en Trellix IPS Manager anterior a 10.1 M8 permite que un administrador remoto autenticado realice un ataque XXE en la parte de la interfaz del administrador de la interfaz, lo que permite importar un archivo de configuraci\u00f3n XML guardado."}], "lastModified": "2024-11-21T07:19:19.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trellix:intrusion_prevention_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4B3735-91C5-41F5-A320-C3AFD77D0A72", "versionEndExcluding": "10.1"}, {"criteria": "cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D91A5BF5-A481-4AD6-B3A5-11470D7CE055"}, {"criteria": "cpe:2.3:a:trellix:intrusion_prevention_system_manager:10.1:minor8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8300185B-9EC7-4EB1-BF86-2983FDA880BF"}], "operator": "OR"}]}], "sourceIdentifier": "trellixpsirt@trellix.com"}