cvelistv5 - cve-2022-40710

CVE-2022-40710 (GCVE-0-2022-40710)

Vulnerability from cvelistv5

Published

2022-09-28 21:10

Modified

2024-08-03 12:21

Severity ?

CWE

Link Following LPE

Summary

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

References

URL

Tags

security@trendmicro.com	https://success.trendmicro.com/solution/000291590	Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-1296/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://success.trendmicro.com/solution/000291590	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-1296/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	Trend Micro	Trend Micro Deep Security	Version: 20.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:21:46.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000291590"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security",
          "vendor": "Trend Micro",
          "versions": [
            {
              "lessThan": "20.0.0.5394",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Link Following LPE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-02T18:29:35.010Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000291590"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-40710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Deep Security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "20"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Link Following LPE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000291590",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000291590"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-40710",
    "datePublished": "2022-09-28T21:10:25",
    "dateReserved": "2022-09-14T00:00:00",
    "dateUpdated": "2024-08-03T12:21:46.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-40710\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2022-09-28T21:15:15.243\",\"lastModified\":\"2024-11-21T07:21:54.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"34026BD4-6637-4267-BAFC-BF25927AF220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"395BE207-3450-4DD8-A5B4-CA005A8A29E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"10692943-0205-42F3-8EBC-64499CC0A3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4CD4971B-80E4-45E5-9895-34EA463D408C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"13310EBF-97B9-4266-9384-82550A55EBC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B5363299-C02D-4AB8-8C48-0A3AFF4F2D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A2A56B00-44A5-451C-B8D0-19097E3A9C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F1C90C28-9413-407B-BC1D-3F4037BDF235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6201FA1A-1F94-46DF-A7EE-6F4DE2910131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E667A20B-65ED-434F-8A5F-220C87B175EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2F74BA58-9388-4715-9477-FC1005765FA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2CCE7E62-6CBE-476F-A9E5-52790F90E5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3912DDD3-A3B0-487F-A74A-9A529D69FFFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4D555FC6-8986-4891-90CC-DB4F24990167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"920B4F3B-2D78-4B71-8B65-8AEF6AF2C735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E68C5D12-3E35-43D3-A5A0-2C029EFA0182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0C49595B-D6E5-42CC-B634-5F14B868C341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"236653DA-EE2C-4923-A5C8-CC32305626FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A61BF475-18D9-4246-91C7-7A1B6A7B44AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"9FD0C979-641F-482B-9D05-B3B9A5F6D443\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F56F3E88-3E65-4C3E-932D-6C8404F5A1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2FF0DE00-851E-4185-8C0C-172252E3E7C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"57A322DB-9E37-4508-B904-51F0305D4B9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"9CEFF34B-1B17-416F-9068-9CE5DAC0F19D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"87A77C12-0F5C-4EA7-96BA-8B14E2795E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"87821A85-93F2-422B-8876-CF3729D99594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F2F3C583-2A09-4448-B384-273B48D2B4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"445BA171-0190-429A-8D4F-F857CEA5361E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"95889F1E-931E-40E4-99A1-9C1A4A8B0847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/solution/000291590\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-1296/\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://success.trendmicro.com/solution/000291590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-1296/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

fkie_cve-2022-40710

Vulnerability from fkie_nvd

Published

2022-09-28 21:15

Modified

2024-11-21 07:21

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@trendmicro.com	https://success.trendmicro.com/solution/000291590	Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-22-1296/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://success.trendmicro.com/solution/000291590	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-22-1296/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
trendmicro	deep_security_agent	20.0
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
              "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2022-40710",
  "lastModified": "2024-11-21T07:21:54.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-28T21:15:15.243",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-99h4-v6gx-v3qp

Vulnerability from github

Published

2022-09-29 00:00

Modified

2024-02-27 21:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-40710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-28T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-99h4-v6gx-v3qp",
  "modified": "2024-02-27T21:31:24Z",
  "published": "2022-09-29T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40710"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2022-40710

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-40710

Aliases

CVE-2022-40710

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-40710",
    "description": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
    "id": "GSD-2022-40710"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-40710"
      ],
      "details": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
      "id": "GSD-2022-40710",
      "modified": "2023-12-13T01:19:30.273247Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-40710",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Deep Security",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "20.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Link Following LPE"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000291590",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000291590"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "34026BD4-6637-4267-BAFC-BF25927AF220",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "395BE207-3450-4DD8-A5B4-CA005A8A29E8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "10692943-0205-42F3-8EBC-64499CC0A3D4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "4CD4971B-80E4-45E5-9895-34EA463D408C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "13310EBF-97B9-4266-9384-82550A55EBC9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "F3DDAC1A-C2E5-4FFB-8A69-80819D39CF5E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "B5363299-C02D-4AB8-8C48-0A3AFF4F2D33",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "A2A56B00-44A5-451C-B8D0-19097E3A9C69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "F1C90C28-9413-407B-BC1D-3F4037BDF235",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "6201FA1A-1F94-46DF-A7EE-6F4DE2910131",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "D2CD4BBE-7C1B-4FA8-98E5-D2DD2E2AAD26",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "E667A20B-65ED-434F-8A5F-220C87B175EB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "2F74BA58-9388-4715-9477-FC1005765FA9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "8665FF69-6034-4D5F-8E2D-8DB1E07C7BE5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "2CCE7E62-6CBE-476F-A9E5-52790F90E5BA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "3912DDD3-A3B0-487F-A74A-9A529D69FFFD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "4D555FC6-8986-4891-90CC-DB4F24990167",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "920B4F3B-2D78-4B71-8B65-8AEF6AF2C735",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "E68C5D12-3E35-43D3-A5A0-2C029EFA0182",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "0C49595B-D6E5-42CC-B634-5F14B868C341",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "236653DA-EE2C-4923-A5C8-CC32305626FB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "A61BF475-18D9-4246-91C7-7A1B6A7B44AF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "DC90635A-4FEB-4F7A-B0BD-D4CCD1183A3B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "6D12CADF-AAA4-4E0B-93EC-81C5C3BDCA47",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "9FD0C979-641F-482B-9D05-B3B9A5F6D443",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "F56F3E88-3E65-4C3E-932D-6C8404F5A1BC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "2FF0DE00-851E-4185-8C0C-172252E3E7C6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "57A322DB-9E37-4508-B904-51F0305D4B9B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "9CEFF34B-1B17-416F-9068-9CE5DAC0F19D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "87A77C12-0F5C-4EA7-96BA-8B14E2795E69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "87821A85-93F2-422B-8876-CF3729D99594",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "0C3E959C-D6D5-4DF0-A26E-95EBDCB8C901",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "F2F3C583-2A09-4448-B384-273B48D2B4E8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "445BA171-0190-429A-8D4F-F857CEA5361E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "95889F1E-931E-40E4-99A1-9C1A4A8B0847",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*",
                    "matchCriteriaId": "BF1E7ABB-DEF9-4CBD-B269-3091DC1CF2A4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              },
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                    "vulnerable": false
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ],
            "operator": "AND"
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad de seguimiento de enlaces en Trend Micro Deep Security 20 y Cloud One - Workload Security Agent para Windows podr\u00eda permitir a un atacante local escalar privilegios en las instalaciones afectadas. Nota: un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad"
          }
        ],
        "id": "CVE-2022-40710",
        "lastModified": "2024-02-27T20:40:06.617",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-09-28T21:15:15.243",
        "references": [
          {
            "source": "security@trendmicro.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://success.trendmicro.com/solution/000291590"
          },
          {
            "source": "security@trendmicro.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296/"
          }
        ],
        "sourceIdentifier": "security@trendmicro.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-59"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cve-2022-40710

Vulnerability from jvndb

Published

2022-10-11 17:02

Modified

2024-06-13 14:30

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows

Details

Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU99960963/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-40707
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-40708
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-40709
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-40710
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-40707
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-40708
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-40709
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-40710
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Link Following(CWE-59)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Trend Micro, Inc.	Cloud One Workload Security
	Trend Micro, Inc.	Deep Security Agent

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002448.html",
  "dc:date": "2024-06-13T14:30+09:00",
  "dcterms:issued": "2022-10-11T17:02+09:00",
  "dcterms:modified": "2024-06-13T14:30+09:00",
  "description": "Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002448.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:cloud_one_workload_security",
      "@product": "Cloud One Workload Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security_agent",
      "@product": "Deep Security Agent",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002448",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU99960963/index.html",
      "@id": "JVNVU#99960963",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40707",
      "@id": "CVE-2022-40707",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40708",
      "@id": "CVE-2022-40708",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40709",
      "@id": "CVE-2022-40709",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40710",
      "@id": "CVE-2022-40710",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40707",
      "@id": "CVE-2022-40707",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40708",
      "@id": "CVE-2022-40708",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40709",
      "@id": "CVE-2022-40709",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40710",
      "@id": "CVE-2022-40710",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-59",
      "@title": "Link Following(CWE-59)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows"
}

CERTFR-2022-AVI-852

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans TrendMicro Deep Security Agent. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Trend Micro	Deep Security Agent	Deep Security Agent verisons antérieures à 20.0.0-5394 pour Windows (20 LTS Update 2022-08-29 )

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-40710 (GCVE-0-2022-40710)

Vulnerability from cvelistv5

fkie_cve-2022-40710

Vulnerability from fkie_nvd

ghsa-99h4-v6gx-v3qp

Vulnerability from github

gsd-2022-40710

Vulnerability from gsd

cve-2022-40710

Vulnerability from jvndb

CERTFR-2022-AVI-852

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature