Lucene search

TrendmicroCVE-2022-33158

HistoryJul 30, 2022 - 12:15 a.m.

CVE-2022-33158

2022-07-3000:15:08

CWE-552

trendmicro

web.nvd.nist.gov

cve-2022-33158

trend micro

vpn

proxy pro

vulnerability

privilege escalation

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

15.9%

JSON

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.

Affected configurations

Nvd

Node

trendmicrovpn_proxy_one_proRange≤5.2.1026

AND

microsoftwindowsMatch-

VendorProductVersionCPE
trendmicrovpn_proxy_one_pro*cpe:2.3:a:trendmicro:vpn_proxy_one_pro:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	vpn_proxy_one_pro	*	cpe:2.3:a:trendmicro:vpn_proxy_one_pro::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "product": "Trend Micro VPN Proxy One Pro (Consumer)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "5.2.1026 and below"
      }
    ]
  }
]

References

helpcenter.trendmicro.com/en-us/article/tmka-11042

www.zerodayinitiative.com/advisories/ZDI-22-853/

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

15.9%

JSON

Related for CVE-2022-33158