Lucene search
HistoryJan 20, 2022 - 7:15 p.m.
CVE-2022-23120
cve-2022-23120
code injection
trend micro
deep security
cloud one
workload security
linux
privilege escalation
arbitrary code execution
nvd
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.9%
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
Affected configurations
Node
trendmicrodeep_security_agentRange20.0β20.0.0-3445long_term_support
ORtrendmicrodeep_security_agentMatch10.0-long_term_support
ORtrendmicrodeep_security_agentMatch10.0update1long_term_support
ORtrendmicrodeep_security_agentMatch10.0update10long_term_support
ORtrendmicrodeep_security_agentMatch10.0update11long_term_support
ORtrendmicrodeep_security_agentMatch10.0update12long_term_support
ORtrendmicrodeep_security_agentMatch10.0update13long_term_support
ORtrendmicrodeep_security_agentMatch10.0update14long_term_support
ORtrendmicrodeep_security_agentMatch10.0update15long_term_support
ORtrendmicrodeep_security_agentMatch10.0update16long_term_support
ORtrendmicrodeep_security_agentMatch10.0update17long_term_support
ORtrendmicrodeep_security_agentMatch10.0update18long_term_support
ORtrendmicrodeep_security_agentMatch10.0update19long_term_support
ORtrendmicrodeep_security_agentMatch10.0update2long_term_support
ORtrendmicrodeep_security_agentMatch10.0update20long_term_support
ORtrendmicrodeep_security_agentMatch10.0update21long_term_support
ORtrendmicrodeep_security_agentMatch10.0update22long_term_support
ORtrendmicrodeep_security_agentMatch10.0update23long_term_support
ORtrendmicrodeep_security_agentMatch10.0update24long_term_support
ORtrendmicrodeep_security_agentMatch10.0update25long_term_support
ORtrendmicrodeep_security_agentMatch10.0update26long_term_support
ORtrendmicrodeep_security_agentMatch10.0update27long_term_support
ORtrendmicrodeep_security_agentMatch10.0update28long_term_support
ORtrendmicrodeep_security_agentMatch10.0update29long_term_support
ORtrendmicrodeep_security_agentMatch10.0update3long_term_support
ORtrendmicrodeep_security_agentMatch10.0update30long_term_support
ORtrendmicrodeep_security_agentMatch10.0update31long_term_support
ORtrendmicrodeep_security_agentMatch10.0update4long_term_support
ORtrendmicrodeep_security_agentMatch10.0update5long_term_support
ORtrendmicrodeep_security_agentMatch10.0update6long_term_support
ORtrendmicrodeep_security_agentMatch10.0update7long_term_support
ORtrendmicrodeep_security_agentMatch10.0update8long_term_support
ORtrendmicrodeep_security_agentMatch10.0update9long_term_support
ORtrendmicrodeep_security_agentMatch11.0-long_term_support
ORtrendmicrodeep_security_agentMatch11.0update1long_term_support
ORtrendmicrodeep_security_agentMatch11.0update10long_term_support
ORtrendmicrodeep_security_agentMatch11.0update11long_term_support
ORtrendmicrodeep_security_agentMatch11.0update12long_term_support
ORtrendmicrodeep_security_agentMatch11.0update13long_term_support
ORtrendmicrodeep_security_agentMatch11.0update14long_term_support
ORtrendmicrodeep_security_agentMatch11.0update15long_term_support
ORtrendmicrodeep_security_agentMatch11.0update16long_term_support
ORtrendmicrodeep_security_agentMatch11.0update17long_term_support
ORtrendmicrodeep_security_agentMatch11.0update18long_term_support
ORtrendmicrodeep_security_agentMatch11.0update19long_term_support
ORtrendmicrodeep_security_agentMatch11.0update2long_term_support
ORtrendmicrodeep_security_agentMatch11.0update20long_term_support
ORtrendmicrodeep_security_agentMatch11.0update21long_term_support
ORtrendmicrodeep_security_agentMatch11.0update22long_term_support
ORtrendmicrodeep_security_agentMatch11.0update23long_term_support
ORtrendmicrodeep_security_agentMatch11.0update24long_term_support
ORtrendmicrodeep_security_agentMatch11.0update25long_term_support
ORtrendmicrodeep_security_agentMatch11.0update26long_term_support
ORtrendmicrodeep_security_agentMatch11.0update27long_term_support
ORtrendmicrodeep_security_agentMatch11.0update3long_term_support
ORtrendmicrodeep_security_agentMatch11.0update4long_term_support
ORtrendmicrodeep_security_agentMatch11.0update5long_term_support
ORtrendmicrodeep_security_agentMatch11.0update6long_term_support
ORtrendmicrodeep_security_agentMatch11.0update7long_term_support
ORtrendmicrodeep_security_agentMatch11.0update8long_term_support
ORtrendmicrodeep_security_agentMatch11.0update9long_term_support
ORtrendmicrodeep_security_agentMatch12.0-long_term_support
ORtrendmicrodeep_security_agentMatch12.0update1long_term_support
ORtrendmicrodeep_security_agentMatch12.0update10long_term_support
ORtrendmicrodeep_security_agentMatch12.0update11long_term_support
ORtrendmicrodeep_security_agentMatch12.0update12long_term_support
ORtrendmicrodeep_security_agentMatch12.0update13long_term_support
ORtrendmicrodeep_security_agentMatch12.0update14long_term_support
ORtrendmicrodeep_security_agentMatch12.0update15long_term_support
ORtrendmicrodeep_security_agentMatch12.0update16long_term_support
ORtrendmicrodeep_security_agentMatch12.0update17long_term_support
ORtrendmicrodeep_security_agentMatch12.0update18long_term_support
ORtrendmicrodeep_security_agentMatch12.0update19long_term_support
ORtrendmicrodeep_security_agentMatch12.0update2long_term_support
ORtrendmicrodeep_security_agentMatch12.0update20long_term_support
ORtrendmicrodeep_security_agentMatch12.0update21long_term_support
ORtrendmicrodeep_security_agentMatch12.0update3long_term_support
ORtrendmicrodeep_security_agentMatch12.0update4long_term_support
ORtrendmicrodeep_security_agentMatch12.0update5long_term_support
ORtrendmicrodeep_security_agentMatch12.0update6long_term_support
ORtrendmicrodeep_security_agentMatch12.0update7long_term_support
ORtrendmicrodeep_security_agentMatch12.0update8long_term_support
ORtrendmicrodeep_security_agentMatch12.0update9long_term_support
linuxlinux_kernelMatch-
CNA Affected
[
{
"product": "Trend Micro Deep Security Agent for Linux",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "20, 12, 11, 10"
}
]
}
]Related
nvd
nvd
CVE-2022-23120
2022-01-20 19:15:07
checkpoint_advisories
checkpoint_advisories
Trend Micro Deep Security Agent Code Injection (CVE-2022-23120)
2022-03-14 00:00:00
prion
prion
Code injection
2022-01-20 19:15:00
cvelist
cvelist
CVE-2022-23120
2022-01-20 18:11:18
cnvd
cnvd
Trend Micro Deep Security代η 注ε
₯ζΌζ΄
2022-01-23 00:00:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.9%
Related for CVE-2022-23120