Trellix DLP Vulnerability Allows Attackers To Delete Unprivileged Files

A privilege escalation vulnerability has been identified in the Trellix Windows DLP endpoint for Windows, which may be exploited to delete any file/folder for which the user does not have authorization.

Trellix DLP Endpoint protects against all potential leak channels, including portable storage devices, the cloud, email, instant messaging, web, printing, clipboard, screen capture, file-sharing applications, and more.

This ‘medium’ severity vulnerability is tracked as CVE-2023–4814 with a CVSS base score of 7.1. Trellix, a cybersecurity firm, recently addressed the issue of privilege escalation.

Impacted Version

Data Loss Prevention (DLP) for Windows 11.10.100.17

Fix Released

To Determine Whether the Product is Vulnerable

For Endpoint Security on Windows:

Use the following instructions for endpoint or client-based products:

• Right-click the tray shield icon on the Windows taskbar.
• Select Endpoint Security.
• In the console, select Action Menu.
• In the Action Menu, select About. The product version displays.

For endpoint products and ENS on other platforms:

• Right-click the tray shield icon on the Windows taskbar.
• Select Open Console.
• In the console, select Action Menu.
• In the Action Menu, select Product Details. The product version displays.

Hence, it is recommended to download the applicable product update/hotfix file. 

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.