Trellix: Security Vulnerabilities
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access to gain elevated system privileges. A Bring Your Own Vulnerable Driver (BYOVD) technique was leveraged to gain access to the memory of the critical Windows process lsass.exe (Local Security Authority Subsystem Service). fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver, when installed in a product or on a system running a fully functional HX Agent, is not itself exploitable, as the product's tamper protection restricts communication with the driver to the Agent's own processes.
CVSS Score: 6.2 | EPSS Score: 0.0 | Published: 2026-02-24
A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2025-06-26
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder, via policy, or with a junction symbolic link to files that the user would not normally have permission to access.
CVSS Score: 7.2 | EPSS Score: 0.001 | Published: 2025-06-26
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high-privileged user to issue malicious ePO POST requests to System Information Reporter, leading to the creation of files anywhere on the filesystem, possibly overwriting existing files and exposing sensitive information.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2025-06-26
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints.
CVSS Score: 8.2 | EPSS Score: 0.004 | Published: 2024-11-29
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user.
CVSS Score: 9.8 | EPSS Score: 0.047 | Published: 2024-11-29
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager, with the response consisting mostly of garbage data.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2024-09-05
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain API access to the Manager.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-09-05
A cross-site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML injection using command line variables. A malicious threat actor could execute commands in the victim's browser by sending carefully crafted malicious links to the EDR XConsole end user.
CVSS Score: 4.1 | EPSS Score: 0.001 | Published: 2024-06-13
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2024-02-13

