
WARNING: TRELLIX PATCHED A CRITICAL VULNERABILITY (CVE-2024-5671) IN THEIR IPS MANAGER THAT CAN LEAD TO REMOTE CODE EXECUTION, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-89
Version: 
1.0
Affected software: 
Trellix IPS Manager
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 
CVE-2024-5671 / CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Trellix: https://docs.trellix.com/nl-NL/bundle/intrusion-prevention-system-11.1.x-manager-ns-series-release-notes/page/UUID-18de5423-4520-d400-f539-fc3184256955.html

Risks

Trellix Intrusion Prevention System (IPS) is a next-generation intrusion detection and prevention system (IDPS) that discovers and blocks sophisticated malware threats across the network.

Trellix patched a critical vulnerability with a CVSSv3 score of 9.8 in their IPS Manager that can lead to Remote Code Execution. The vulnerability has a HIGH impact on Confidentiality, Integrity and Availability.

Description

Trellix patched a vulnerability caused by insecure deserialization in certain IPS Manager workflows, which could lead to Remote Code Execution. If exploited, this flaw allows an unauthenticated remote attacker to execute arbitrary code and access the vulnerable Trellix IPS Manager.
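The advisory does not say which serialization format or language the affected IPS Manager workflows use, so the following added example (not Trellix code, and not derived from the vulnerability itself) uses Python's pickle as a stand-in to show the vulnerability class: an unpickler that resolves whatever global a client names will call a function of the sender's choosing during deserialization, while the same format behind an allow-listed `find_class` refuses anything outside the expected plain data types. The `SAFE_GLOBALS` set, the `_CallableReference` class and both payloads are constructed for this example; `os.getcwd` is used only as a harmless, observable stand-in for an arbitrary callable.

```python
import io
import os
import pickle

# Allow-list of the only (module, name) pairs the unpickler may resolve.
# Assumption for this example: the application exchanges plain data only.
SAFE_GLOBALS = {
    ("builtins", "set"), ("builtins", "frozenset"),
    ("builtins", "bytearray"), ("builtins", "complex"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to resolve {module}.{name}")


def unsafe_loads(data: bytes):
    """The vulnerable pattern: deserialize whatever the client sent, as-is."""
    return pickle.loads(data)


def safe_loads(data: bytes):
    """Hardened pattern: same wire format, but globals are allow-listed."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


class _CallableReference:
    """Constructed test input: serializes to "call os.getcwd() on load".

    os.getcwd is harmless; it stands in for any function a sender could name.
    """

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed sample inputs: one hostile, one the application would expect.
HOSTILE_PAYLOAD = pickle.dumps(_CallableReference())
BENIGN_PAYLOAD = pickle.dumps({"rule_id": 42, "action": "block", "ports": [80, 443]})


def demo():
    """Run both deserializers over both payloads and report what happened."""
    results = {}
    results["benign_unsafe"] = unsafe_loads(BENIGN_PAYLOAD)
    results["benign_safe"] = safe_loads(BENIGN_PAYLOAD)
    # A function chosen by the sender executed during deserialization.
    results["hostile_unsafe"] = unsafe_loads(HOSTILE_PAYLOAD)
    try:
        safe_loads(HOSTILE_PAYLOAD)
        results["hostile_safe"] = "accepted"
    except pickle.UnpicklingError as exc:
        results["hostile_safe"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The design point is that the fix is not "validate the bytes harder" but "never let the deserializer resolve code references the application did not expect"; the same allow-list idea applies to Java's `ObjectInputFilter`, .NET binders and other native serializers, and an IPS Manager reachable by unauthenticated clients is exactly where such a filter matters most.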

More information in the advisory from Trellix: https://docs.trellix.com/nl-NL/bundle/intrusion-prevention-system-11.1.x-manager-ns-series-release-notes/page/UUID-18de5423-4520-d400-f539-fc3184256955.html

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

LinuxPatch: https://linuxpatch.com/cve/CVE-2024-5671