CVE-2022-40708

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
trendmicroCNA
---
---
CVEADP
---
---
CISA-ADPADP
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
trendmicrodeep_security_agent
20.0
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update158
trendmicrodeep_security_agent
20.0:update167
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update173
trendmicrodeep_security_agent
20.0:update180
trendmicrodeep_security_agent
20.0:update182
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update183
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update190
trendmicrodeep_security_agent
20.0:update198
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update208
trendmicrodeep_security_agent
20.0:update213
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update223
trendmicrodeep_security_agent
20.0:update224
trendmicrodeep_security_agent
20.0:update2419
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2740
trendmicrodeep_security_agent
20.0:update2921
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3530
trendmicrodeep_security_agent
20.0:update3771
trendmicrodeep_security_agent
20.0:update3964
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update877
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/solution/000291590
https://www.zerodayinitiative.com/advisories/ZDI-22-1298/
https://success.trendmicro.com/solution/000291590
https://www.zerodayinitiative.com/advisories/ZDI-22-1298/