Vulnerabilites related to trendmicro - deep_security_agent
cve-2022-23120
Vulnerability from cvelistv5
Published
2022-01-20 18:11
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000290104 | x_refsource_MISC | |
| https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security Agent for Linux |
Version: 20, 12, 11, 10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security Agent for Linux",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20, 12, 11, 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-20T18:11:18",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-23120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security Agent for Linux",
"version": {
"version_data": [
{
"version_value": "20, 12, 11, 10"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290104",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
"refsource": "MISC",
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-23120",
"datePublished": "2022-01-20T18:11:18",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40707
Vulnerability from cvelistv5
Published
2022-09-28 21:10
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000291590 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1297/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security |
Version: 20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T21:10:22",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-40707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security",
"version": {
"version_data": [
{
"version_value": "20"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000291590",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-40707",
"datePublished": "2022-09-28T21:10:22",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40708
Vulnerability from cvelistv5
Published
2022-09-28 21:10
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000291590 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1298/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security |
Version: 20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T21:10:23",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-40708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security",
"version": {
"version_data": [
{
"version_value": "20"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000291590",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-40708",
"datePublished": "2022-09-28T21:10:23",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23119
Vulnerability from cvelistv5
Published
2022-01-20 18:11
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000290104 | x_refsource_MISC | |
| https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security Agent for Linux |
Version: 20, 12, 11, 10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security Agent for Linux",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20, 12, 11, 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-20T18:11:17",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-23119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security Agent for Linux",
"version": {
"version_data": [
{
"version_value": "20, 12, 11, 10"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000290104",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
"refsource": "MISC",
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-23119",
"datePublished": "2022-01-20T18:11:17",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52338
Vulnerability from cvelistv5
Published
2024-01-23 20:43
Modified
2024-08-02 22:55
Severity ?
EPSS score ?
Summary
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Deep Security Agent |
Version: 20.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trendmicro:deep_security_agent:20.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "deep_security_agent",
"vendor": "trendmicro",
"versions": [
{
"lessThan": "20.0.0-8438",
"status": "affected",
"version": "20.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:14:09.238652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:25:59.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security Agent",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "20.0.0-8438",
"status": "affected",
"version": "20.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T20:43:13.069Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-52338",
"datePublished": "2024-01-23T20:43:13.069Z",
"dateReserved": "2024-01-12T00:09:12.342Z",
"dateUpdated": "2024-08-02T22:55:41.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40710
Vulnerability from cvelistv5
Published
2022-09-28 21:10
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000291590 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1296/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security |
Version: 20.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security",
"vendor": "Trend Micro",
"versions": [
{
"lessThan": "20.0.0.5394",
"status": "affected",
"version": "20.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following LPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-02T18:29:35.010Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-40710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security",
"version": {
"version_data": [
{
"version_value": "20"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following LPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000291590",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-40710",
"datePublished": "2022-09-28T21:10:25",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40709
Vulnerability from cvelistv5
Published
2022-09-28 21:10
Modified
2024-11-20 14:56
Severity ?
EPSS score ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.
References
| ▼ | URL | Tags |
|---|---|---|
| https://success.trendmicro.com/solution/000291590 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1299/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Deep Security |
Version: 20 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T16:15:39.029523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T14:56:09.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-Of-Bounds Read Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-28T21:10:24",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2022-40709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Deep Security",
"version": {
"version_data": [
{
"version_value": "20"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-Of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/000291590",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2022-40709",
"datePublished": "2022-09-28T21:10:24",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-11-20T14:56:09.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52337
Vulnerability from cvelistv5
Published
2024-01-23 20:42
Modified
2024-08-02 22:55
Severity ?
EPSS score ?
Summary
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Deep Security Agent |
Version: 20.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Deep Security Agent",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "20.0.0-8438",
"status": "affected",
"version": "20.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T20:42:58.280Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-52337",
"datePublished": "2024-01-23T20:42:58.280Z",
"dateReserved": "2024-01-12T00:09:12.342Z",
"dateUpdated": "2024-08-02T22:55:41.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-09-28 21:15
Modified
2024-11-21 07:21
Severity ?
Summary
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1296/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1296/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad"
}
],
"id": "CVE-2022-40710",
"lastModified": "2024-11-21T07:21:54.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-28T21:15:15.243",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-28 21:15
Modified
2024-11-21 07:21
Severity ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1298/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1298/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura fuera de l\u00edmites en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local divulgar informaci\u00f3n confidencial en las instalaciones afectadas. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar estas vulnerabilidades. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a la CVE-2022-40707"
}
],
"id": "CVE-2022-40708",
"lastModified": "2024-11-21T07:21:54.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-28T21:15:15.137",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1298/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-23 21:15
Modified
2024-11-21 08:39
Severity ?
Summary
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-075/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-24-075/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "687BDC97-044F-4FE1-9A40-53603AFEA35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
"matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
"matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
"matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
"matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
"matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
"matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inadecuado en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"id": "CVE-2023-52337",
"lastModified": "2024-11-21T08:39:35.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-23T21:15:09.677",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-075/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-28 21:15
Modified
2024-11-21 07:21
Severity ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1297/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1297/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura fuera de l\u00edmites en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local divulgar informaci\u00f3n confidencial en las instalaciones afectadas. Tenga en cuenta: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar estas vulnerabilidades. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a la CVE-2022-40708"
}
],
"id": "CVE-2022-40707",
"lastModified": "2024-11-21T07:21:53.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-28T21:15:14.967",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1297/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-23 21:15
Modified
2024-11-21 08:39
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-076/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-24-076/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:*:*:*:*",
"matchCriteriaId": "687BDC97-044F-4FE1-9A40-53603AFEA35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5394:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3E57A0B9-FD42-4BC2-8E77-473C231E8C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5512:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9A36042B-CE11-400C-A3E9-675FA01DFD79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5810:*:*:long_term_support:*:*:*",
"matchCriteriaId": "73312B15-FF4F-4576-A6DC-90E7DDC16177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5995:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EC926B09-2153-408D-96D1-339BC6CA3E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6313:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C8B125A6-071C-40BD-BEF8-3349D69B8FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6690:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8798E437-2DF9-4128-95A4-D6E428BB68F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update6860:*:*:long_term_support:*:*:*",
"matchCriteriaId": "530A146D-8ACA-4EC3-A431-E732CDCBEF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7119:*:*:long_term_support:*:*:*",
"matchCriteriaId": "45F6F599-6DFD-4FAC-A3BC-DA04337FBF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7303:*:*:long_term_support:*:*:*",
"matchCriteriaId": "AF3BF95D-BE53-48CF-AC59-7E53B3245E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7476:*:*:long_term_support:*:*:*",
"matchCriteriaId": "CA991E32-E28D-4310-8578-DD92033AEEB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7719:*:*:long_term_support:*:*:*",
"matchCriteriaId": "41CFF915-1DD8-4C9F-8B43-04BCDA0C5068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update7943:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C88FD401-BDA4-4080-B56D-D9A980236A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "56A61850-1C9F-420B-88CF-D2D92BF1709E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update8268:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6CEB092E-8D28-478E-BEA9-D489EC63D689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.\r\n\r\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de link following en Trend Micro Deep Security 20.0 y Trend Micro Cloud One - Endpoint and Workload Security Agent podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Tenga en cuenta: un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad."
}
],
"id": "CVE-2023-52338",
"lastModified": "2024-11-21T08:39:35.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-23T21:15:09.717",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-076/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-28 21:15
Modified
2024-11-21 07:21
Severity ?
Summary
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1299/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000291590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1299/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
"matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
"matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
"matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
"matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
"matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
"matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
"matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
"matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
"matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura fuera de l\u00edmites en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local divulgar informaci\u00f3n confidencial en las instalaciones afectadas. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar estas vulnerabilidades. Esta vulnerabilidad es similar, pero no id\u00e9ntica, a las CVE-2022-40707 y 40708"
}
],
"id": "CVE-2022-40709",
"lastModified": "2024-11-21T07:21:54.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-28T21:15:15.190",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000291590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1299/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-20 19:15
Modified
2024-11-21 06:48
Severity ?
Summary
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000290104 | Mitigation, Patch, Vendor Advisory | |
| security@trendmicro.com | https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000290104 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B0C257E3-8965-419B-A1CF-A36A0694E772",
"versionEndExcluding": "20.0.0-3445",
"versionStartIncluding": "20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "321EB924-8AD5-4BA2-808A-25F802B675B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "09B1BB7D-D806-43B6-B9C4-D7996545C92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E75B8D37-71C4-46D8-BDEA-4092D3EA422A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "43976B40-11D5-43AB-9204-6D749204121B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3D52AB1-7932-4257-A779-76A10FBEE4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BD9BD10B-BE86-47AC-AB0C-A107A066B234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "36FED81B-AE50-42EB-9F86-37EF97C9453F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B7410926-0A0F-4D7D-93AE-11812B0BFAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E28EE556-D322-4B03-9C8B-F6DE9A73E3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A009F12A-125E-4B4C-ABAD-AFDF52AC9E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3A165D79-C3B8-453B-B845-FE7C75FCD887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "42B6F868-C72D-49D1-B70F-25F6BDCD9A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7130DB44-4550-4D28-8114-2C89C7490C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "283217E3-921F-407C-B08A-5D71C4A39AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*",
"matchCriteriaId": "353D2026-D8DA-4C4B-A933-6BF33C85751E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EC19A050-324B-427A-BE1C-B9030A07DB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E06D04C4-B1F2-4CC0-BD7D-1125001A2211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*",
"matchCriteriaId": "14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0FACE806-A137-4F32-A975-A0DCC7613252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BDB1F56A-D134-49D8-88D0-F9E80E2051FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "03AC8F33-76DE-4159-8FB8-2552D420083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*",
"matchCriteriaId": "661512DC-94BF-4033-BCCF-CEB0B4CF30CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7DBDF5F7-124B-4776-9803-6A03FEDB2075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F0D3A45A-1D11-45E0-92D3-E7398CB049E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C22891AE-781F-4212-B1D3-9E4F5FB0C14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A71E3B80-F9A9-45F6-95F5-B6B352FAC27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "12A1E116-286E-4A47-A44E-360EEA8880AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F88232D0-FEEF-485D-B1C9-221C4E967194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7C108DC0-117F-46ED-9A72-D876D8203A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B909B6D7-52B8-4165-9864-3A05F25EC25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3B642F2C-D882-418E-8A24-6BD8C40DF42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A78B7332-7A88-4BC3-9816-60438392C96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B53E159E-9723-4AA2-AA30-B20FB8BE1823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D55E7CCF-A94E-469A-95EC-37D378AAFB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "CB6149B2-EDDA-4AB0-B089-5F165776194E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E14C97A1-E3A1-44E4-9400-D2338809857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E9CA17B2-29B0-440E-9941-A286F11D3FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C2DF06E1-A427-4F8C-B317-9BD4DF53BB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5660651-78FC-4EB3-9C63-02AE21098F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*",
"matchCriteriaId": "84CB2D0C-D84D-420C-9BB7-1744F9D106D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*",
"matchCriteriaId": "5E889298-AF8C-41FB-9130-5E977D4A9F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*",
"matchCriteriaId": "519FABA6-389D-4F7A-994A-0B6840FC01D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2BABC000-62AE-48EA-952E-E2735702C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*",
"matchCriteriaId": "60502D21-2275-4A71-A1C3-E9F7730DC26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "625C44C4-6753-43F4-BD40-BC7B0BD4D063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8677CC3F-D1C5-493F-9078-3C47DE38C3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3807FB6F-B75B-425D-BF5F-0B6C2501908E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7D8B777A-D631-476A-B161-D704F25A9BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2239884-756F-4032-BC83-38969192C062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C85FB7B4-15AB-4D71-B8E4-FD72BCA47943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EEBC3261-6785-494A-AF69-9B9E92C1C449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4BDE013F-B4E8-433C-BD95-E6578E8B6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1BD1467E-E658-4F27-8123-6C27C99E95A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A9611071-E484-4F32-8F18-FD299A60E335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D65290CE-9638-45C4-96F9-C0B676FAA834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D257AA23-A28F-4110-819F-7D0F246DD2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A9F8542C-ED04-483C-AB27-D4FE55558951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2616E2DF-8FB3-4B8C-B329-334D794242E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9C9471AE-E7C2-4789-907D-EC5F1195431E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CB292C1-9467-4987-B670-927287503F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0418BDF2-673B-40CF-BC64-7C4C24AA72FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "14370D4B-5141-4581-8F92-7F9BDB885282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2D2D0C04-948C-4B24-A6EC-FB54A57077F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6F454D5A-1C03-42F6-8639-FC550F5D8B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1A824F50-CB92-4FE2-B097-C4DD9E8D65FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DB62D225-22C1-4452-856A-EFE31CC6FA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "FD084BE9-D333-4495-874D-4E7DF892494D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B1CB2EC1-3CEF-4033-A6BB-328D53752BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "ED56C9F2-19A4-4E1E-BF02-8E192415E09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante leer archivos arbitrarios del sistema de archivos. Nota: un atacante debe obtener primero un acceso comprometido al Deep Security Manager (DSM) de destino o el agente de destino no debe estar a\u00fan activado o configurado para poder explotar esta vulnerabilidad"
}
],
"id": "CVE-2022-23119",
"lastModified": "2024-11-21T06:48:02.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-20T19:15:07.907",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-20 19:15
Modified
2024-11-21 06:48
Severity ?
Summary
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://success.trendmicro.com/solution/000290104 | Mitigation, Patch, Vendor Advisory | |
| security@trendmicro.com | https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://success.trendmicro.com/solution/000290104 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B0C257E3-8965-419B-A1CF-A36A0694E772",
"versionEndExcluding": "20.0.0-3445",
"versionStartIncluding": "20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "321EB924-8AD5-4BA2-808A-25F802B675B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "09B1BB7D-D806-43B6-B9C4-D7996545C92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E75B8D37-71C4-46D8-BDEA-4092D3EA422A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "43976B40-11D5-43AB-9204-6D749204121B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F3D52AB1-7932-4257-A779-76A10FBEE4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BD9BD10B-BE86-47AC-AB0C-A107A066B234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "36FED81B-AE50-42EB-9F86-37EF97C9453F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B7410926-0A0F-4D7D-93AE-11812B0BFAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E28EE556-D322-4B03-9C8B-F6DE9A73E3F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A009F12A-125E-4B4C-ABAD-AFDF52AC9E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3A165D79-C3B8-453B-B845-FE7C75FCD887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "42B6F868-C72D-49D1-B70F-25F6BDCD9A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7130DB44-4550-4D28-8114-2C89C7490C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "283217E3-921F-407C-B08A-5D71C4A39AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*",
"matchCriteriaId": "353D2026-D8DA-4C4B-A933-6BF33C85751E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EC19A050-324B-427A-BE1C-B9030A07DB7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E06D04C4-B1F2-4CC0-BD7D-1125001A2211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*",
"matchCriteriaId": "14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0FACE806-A137-4F32-A975-A0DCC7613252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*",
"matchCriteriaId": "BDB1F56A-D134-49D8-88D0-F9E80E2051FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "03AC8F33-76DE-4159-8FB8-2552D420083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*",
"matchCriteriaId": "661512DC-94BF-4033-BCCF-CEB0B4CF30CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7DBDF5F7-124B-4776-9803-6A03FEDB2075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F0D3A45A-1D11-45E0-92D3-E7398CB049E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C22891AE-781F-4212-B1D3-9E4F5FB0C14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A71E3B80-F9A9-45F6-95F5-B6B352FAC27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "12A1E116-286E-4A47-A44E-360EEA8880AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F88232D0-FEEF-485D-B1C9-221C4E967194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7C108DC0-117F-46ED-9A72-D876D8203A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B909B6D7-52B8-4165-9864-3A05F25EC25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3B642F2C-D882-418E-8A24-6BD8C40DF42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A78B7332-7A88-4BC3-9816-60438392C96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B53E159E-9723-4AA2-AA30-B20FB8BE1823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D55E7CCF-A94E-469A-95EC-37D378AAFB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "CB6149B2-EDDA-4AB0-B089-5F165776194E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E14C97A1-E3A1-44E4-9400-D2338809857A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "E9CA17B2-29B0-440E-9941-A286F11D3FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C2DF06E1-A427-4F8C-B317-9BD4DF53BB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B5660651-78FC-4EB3-9C63-02AE21098F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*",
"matchCriteriaId": "84CB2D0C-D84D-420C-9BB7-1744F9D106D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*",
"matchCriteriaId": "5E889298-AF8C-41FB-9130-5E977D4A9F5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*",
"matchCriteriaId": "519FABA6-389D-4F7A-994A-0B6840FC01D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2BABC000-62AE-48EA-952E-E2735702C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*",
"matchCriteriaId": "60502D21-2275-4A71-A1C3-E9F7730DC26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "625C44C4-6753-43F4-BD40-BC7B0BD4D063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "8677CC3F-D1C5-493F-9078-3C47DE38C3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "3807FB6F-B75B-425D-BF5F-0B6C2501908E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*",
"matchCriteriaId": "7D8B777A-D631-476A-B161-D704F25A9BD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*",
"matchCriteriaId": "F2239884-756F-4032-BC83-38969192C062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*",
"matchCriteriaId": "C85FB7B4-15AB-4D71-B8E4-FD72BCA47943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*",
"matchCriteriaId": "EEBC3261-6785-494A-AF69-9B9E92C1C449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4BDE013F-B4E8-433C-BD95-E6578E8B6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1BD1467E-E658-4F27-8123-6C27C99E95A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A9611071-E484-4F32-8F18-FD299A60E335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D65290CE-9638-45C4-96F9-C0B676FAA834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*",
"matchCriteriaId": "D257AA23-A28F-4110-819F-7D0F246DD2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*",
"matchCriteriaId": "A9F8542C-ED04-483C-AB27-D4FE55558951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2616E2DF-8FB3-4B8C-B329-334D794242E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*",
"matchCriteriaId": "9C9471AE-E7C2-4789-907D-EC5F1195431E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*",
"matchCriteriaId": "4CB292C1-9467-4987-B670-927287503F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*",
"matchCriteriaId": "0418BDF2-673B-40CF-BC64-7C4C24AA72FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*",
"matchCriteriaId": "14370D4B-5141-4581-8F92-7F9BDB885282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*",
"matchCriteriaId": "2D2D0C04-948C-4B24-A6EC-FB54A57077F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*",
"matchCriteriaId": "6F454D5A-1C03-42F6-8639-FC550F5D8B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*",
"matchCriteriaId": "1A824F50-CB92-4FE2-B097-C4DD9E8D65FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*",
"matchCriteriaId": "DB62D225-22C1-4452-856A-EFE31CC6FA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*",
"matchCriteriaId": "FD084BE9-D333-4495-874D-4E7DF892494D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*",
"matchCriteriaId": "B1CB2EC1-3CEF-4033-A6BB-328D53752BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*",
"matchCriteriaId": "ED56C9F2-19A4-4E1E-BF02-8E192415E09F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de root. Nota: un atacante debe obtener primero acceso al agente de destino en un estado no activado y no configurado para poder explotar esta vulnerabilidad"
}
],
"id": "CVE-2022-23120",
"lastModified": "2024-11-21T06:48:02.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-20T19:15:07.957",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://success.trendmicro.com/solution/000290104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}