Lucene search
HistoryJan 23, 2024 - 9:15 p.m.
CVE-2023-52338
cve-2023-52338
trend micro
deep security
cloud one
endpoint security
workload security
escalation of privileges
local attacker
low-privileged code
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
15.9%
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Affected configurations
Node
trendmicrodeep_securityMatch20.0-
ORtrendmicrodeep_security_agentMatch20.0update1337long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1559long_term_support
ORtrendmicrodeep_security_agentMatch20.0update158long_term_support
ORtrendmicrodeep_security_agentMatch20.0update167long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1681long_term_support
ORtrendmicrodeep_security_agentMatch20.0update173long_term_support
ORtrendmicrodeep_security_agentMatch20.0update180long_term_support
ORtrendmicrodeep_security_agentMatch20.0update182long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1822long_term_support
ORtrendmicrodeep_security_agentMatch20.0update183long_term_support
ORtrendmicrodeep_security_agentMatch20.0update1876long_term_support
ORtrendmicrodeep_security_agentMatch20.0update190long_term_support
ORtrendmicrodeep_security_agentMatch20.0update198long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2009long_term_support
ORtrendmicrodeep_security_agentMatch20.0update208long_term_support
ORtrendmicrodeep_security_agentMatch20.0update213long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2204long_term_support
ORtrendmicrodeep_security_agentMatch20.0update223long_term_support
ORtrendmicrodeep_security_agentMatch20.0update224long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2419long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2593long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2740long_term_support
ORtrendmicrodeep_security_agentMatch20.0update2921long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3165long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3288long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3445long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3530long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3771long_term_support
ORtrendmicrodeep_security_agentMatch20.0update3964long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4185long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4416long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4726long_term_support
ORtrendmicrodeep_security_agentMatch20.0update4959long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5137long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5394long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5512long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5810long_term_support
ORtrendmicrodeep_security_agentMatch20.0update5995long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6313long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6690long_term_support
ORtrendmicrodeep_security_agentMatch20.0update6860long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7119long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7303long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7476long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7719long_term_support
ORtrendmicrodeep_security_agentMatch20.0update7943long_term_support
ORtrendmicrodeep_security_agentMatch20.0update8137long_term_support
ORtrendmicrodeep_security_agentMatch20.0update8268long_term_support
ORtrendmicrodeep_security_agentMatch20.0update877long_term_support
| Vendor | Product | Version | CPE |
|---|---|---|---|
| trendmicro | deep_security | 20.0 | cpe:2.3:a:trendmicro:deep_security:20.0:-:*:*:*:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:* |
| trendmicro | deep_security_agent | 20.0 | cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:* |
Related
cve
cve
CVE-2023-52338
2024-01-23 21:15:09
vulnrichment
vulnrichment
CVE-2023-52338
2024-01-23 20:43:13
zdi
zdi
prion
prion
Spoofing
2024-01-23 21:15:00
cvelist
cvelist
CVE-2023-52338
2024-01-23 20:43:13
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
15.9%
Related for NVD:CVE-2023-52338