CVE-2024-7608

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7608
An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://thrive.trellix.com/s/article/000013844
Configurations

No configuration.

History

28 Aug 2024, 12:15

Type Values Removed Values Added
Summary (en) An authenticated user can download sensitive files from NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact. (en) An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal.
CVSS v2 : unknown
v3 : 6.4 		v2 : unknown
v3 : 5.9

28 Aug 2024, 09:15

Type Values Removed Values Added
Summary (en) An authenticated user can download sensitive files from Trellix products NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact. (en) An authenticated user can download sensitive files from NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact.

27 Aug 2024, 13:01

Type Values Removed Values Added
Summary
  • (es) Un usuario autenticado puede descargar archivos confidenciales de los productos Trellix NX, EX, FX, AX, IVX y CMS utilizando path traversal para la URL de la anomalĂ­a de red download_artifact.

27 Aug 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-27 08:15

Updated : 2024-08-28 12:15

NVD link : CVE-2024-7608

Mitre link : CVE-2024-7608

CVE.ORG link : CVE-2024-7608

JSON object : View

Products Affected

No product.

CWE
CWE-35

Path Traversal: '.../...//'