CVE-2022-23120

Sažetak

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.

Reference

https://success.trendmicro.com/solution/000290104
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

27-01-2022 - 15:59

Objavljeno

20-01-2022 - 19:15