CVE-2023-52338

A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
trendmicrodeep_security
20.0
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update158
trendmicrodeep_security_agent
20.0:update167
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update173
trendmicrodeep_security_agent
20.0:update180
trendmicrodeep_security_agent
20.0:update182
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update183
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update190
trendmicrodeep_security_agent
20.0:update198
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update208
trendmicrodeep_security_agent
20.0:update213
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update223
trendmicrodeep_security_agent
20.0:update224
trendmicrodeep_security_agent
20.0:update2419
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2740
trendmicrodeep_security_agent
20.0:update2921
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3530
trendmicrodeep_security_agent
20.0:update3771
trendmicrodeep_security_agent
20.0:update3964
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update5394
trendmicrodeep_security_agent
20.0:update5512
trendmicrodeep_security_agent
20.0:update5810
trendmicrodeep_security_agent
20.0:update5995
trendmicrodeep_security_agent
20.0:update6313
trendmicrodeep_security_agent
20.0:update6690
trendmicrodeep_security_agent
20.0:update6860
trendmicrodeep_security_agent
20.0:update7119
trendmicrodeep_security_agent
20.0:update7303
trendmicrodeep_security_agent
20.0:update7476
trendmicrodeep_security_agent
20.0:update7719
trendmicrodeep_security_agent
20.0:update7943
trendmicrodeep_security_agent
20.0:update8137
trendmicrodeep_security_agent
20.0:update8268
trendmicrodeep_security_agent
20.0:update877
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-076/
https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US
https://www.zerodayinitiative.com/advisories/ZDI-24-076/