Lucene search
HistoryJan 23, 2024 - 9:15 p.m.
CVE-2023-52338
cve-2023-52338
trend micro
deep security
cloud one
endpoint security
workload security
vulnerability
privilege escalation
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.7%
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected configurations
Node
trendmicrodeep_securityMatch20.0-
ORtrendmicrodeep_security_agentMatch20.0update1337long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1559long_term_support
ORtrendmicrodeep_security_agentMatch20.0update158long_term_support
ORtrendmicrodeep_security_agentMatch20.0update167long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1681long_term_support
ORtrendmicrodeep_security_agentMatch20.0update173long_term_support
ORtrendmicrodeep_security_agentMatch20.0update180long_term_support
ORtrendmicrodeep_security_agentMatch20.0update182long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1822long_term_support
ORtrendmicrodeep_security_agentMatch20.0update183long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1876long_term_support
ORtrendmicrodeep_security_agentMatch20.0update190long_term_support
ORtrendmicrodeep_security_agentMatch20.0update198long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2009long_term_support
ORtrendmicrodeep_security_agentMatch20.0update208long_term_support
ORtrendmicrodeep_security_agentMatch20.0update213long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2204long_term_support
ORtrendmicrodeep_security_agentMatch20.0update223long_term_support
ORtrendmicrodeep_security_agentMatch20.0update224long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2419long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2593long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2740long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2921long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3165long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3288long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3445long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3530long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3771long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3964long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4185long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4416long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4726long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4959long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5137long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5394long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5512long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5810long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5995long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6313long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6690long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6860long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7119long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7303long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7476long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7719long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7943long_term_support
ORtrendmicrodeep_security_agentMatch20.0update8137long_term_support
ORtrendmicrodeep_security_agentMatch20.0update8268long_term_support
ORtrendmicrodeep_security_agentMatch20.0update877long_term_support
CNA Affected
[
{
"vendor": "Trend Micro, Inc.",
"product": "Trend Micro Deep Security Agent",
"versions": [
{
"version": "20.0",
"status": "affected",
"versionType": "semver",
"lessThan": "20.0.0-8438"
}
]
}
]Related
prion
prion
Spoofing
2024-01-23 21:15:00
cvelist
cvelist
CVE-2023-52338
2024-01-23 20:43:13
zdi
zdi
nvd
nvd
CVE-2023-52338
2024-01-23 21:15:09
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.7%
Related for CVE-2023-52338