Advisory

Trellix fixes critical security flaw in Intrusion Prevention System Manager

Take action: If you are using Trellix IPS Manager, make sure it's isolated from the internet, and then patch ASAP. If it needs to be visible on the internet, wake up your team and patch immediately.



Trellix has addressed a critical security vulnerability in its Intrusion Prevention System (IPS) Manager.

Trellix is a cybersecurity company headquartered in San Jose, California, USA. The company was formed through the merger of McAfee Enterprise and FireEye.

The flaw is tracked as CVE-2024-5671 (CVSS score 9.8) and arises from insecure deserialization in workflows, allowing unauthenticated remote attackers to execute arbitrary code. An attacker who exploits it could access sensitive information, interrupt normal IPS Manager operations, or control and manipulate network traffic, compromising the entire network managed by Trellix IPS Manager.

Trellix IPS Manager versions before 11.1.x are impacted by this vulnerability.

Trellix has released patches to fix this vulnerability. Users are advised to patch their systems. Until patches are applied, users should restrict access to the IPS Manager from untrusted networks and apply the principle of least privilege to reduce the attack surface.
