Request a Demo
Rewterz
Rewterz Threat Alert – New Ransomware Identified – White Rabbit – Active IOCs
January 21, 2022
Rewterz
Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability
January 23, 2022

Rewterz Threat Advisory – Multiple Trend Micro Deep Security and Cloud One Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-23120

Trend Micro Deep Security and Cloud One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a code injection vulnerability. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.

CVE-2022-23119

Trend Micro Deep Security and Cloud One could allow a local authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the script containing “dot dot” sequences to view arbitrary files on the system.

Impact

  • Privilege Escalation
  • Unauthorized Access

Affected Vendors

Trend Micro

Affected Products

  • Trend Micro Deep Security Agent 20

Remediation

Refer to Trend Micro Advisory for patch, upgrade, or suggested workaround information.

https://success.trendmicro.com/solution/000290104