Vulnerabilities > CVE-2023-52337 - Unspecified vulnerability in Trendmicro Deep Security and Deep Security Agent

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

trendmicro

NVD

Published: 2024-01-23

Updated: 2024-11-21

Summary

An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Deep Security 20.0 Trendmicro Deep Security Agent 20.0	50

References

https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US
https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-075/
https://www.zerodayinitiative.com/advisories/ZDI-24-075/