CVE-2024-36358

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
trendmicrodeep_security_agent
20.0:update1194
trendmicrodeep_security_agent
20.0:update1304
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update2395
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2971
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3770
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update5394
trendmicrodeep_security_agent
20.0:update5512
trendmicrodeep_security_agent
20.0:update5761
trendmicrodeep_security_agent
20.0:update5953
trendmicrodeep_security_agent
20.0:update6313
trendmicrodeep_security_agent
20.0:update6658
trendmicrodeep_security_agent
20.0:update6912
trendmicrodeep_security_agent
20.0:update7119
trendmicrodeep_security_agent
20.0:update7303
trendmicrodeep_security_agent
20.0:update7476
trendmicrodeep_security_agent
20.0:update7719
trendmicrodeep_security_agent
20.0:update7943
trendmicrodeep_security_agent
20.0:update8137
trendmicrodeep_security_agent
20.0:update8268
trendmicrodeep_security_agent
20.0:update8438
trendmicrodeep_security_agent
20.0:update8453
trendmicrodeep_security_agent
20.0:update877
trendmicrodeep_security_agent
20.0.1:update690
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update2419
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2740
trendmicrodeep_security_agent
20.0:update2921
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3530
trendmicrodeep_security_agent
20.0:update3771
trendmicrodeep_security_agent
20.0:update3964
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update5394
trendmicrodeep_security_agent
20.0:update5512
trendmicrodeep_security_agent
20.0:update5810
trendmicrodeep_security_agent
20.0:update5995
trendmicrodeep_security_agent
20.0:update6313
trendmicrodeep_security_agent
20.0:update6690
trendmicrodeep_security_agent
20.0:update6860
trendmicrodeep_security_agent
20.0:update7119
trendmicrodeep_security_agent
20.0:update7303
trendmicrodeep_security_agent
20.0:update7476
trendmicrodeep_security_agent
20.0:update7719
trendmicrodeep_security_agent
20.0:update7943
trendmicrodeep_security_agent
20.0:update8137
trendmicrodeep_security_agent
20.0:update8268
trendmicrodeep_security_agent
20.0:update8438
trendmicrodeep_security_agent
20.0:update877
trendmicrodeep_security_agent
20.0.1:update690
trendmicrodeep_security_agent
20.0.1:update700
trendmicrodeep_security_agent
20.0:update1194
trendmicrodeep_security_agent
20.0:update1304
trendmicrodeep_security_agent
20.0:update1337
trendmicrodeep_security_agent
20.0:update1559
trendmicrodeep_security_agent
20.0:update1681
trendmicrodeep_security_agent
20.0:update1822
trendmicrodeep_security_agent
20.0:update1876
trendmicrodeep_security_agent
20.0:update2009
trendmicrodeep_security_agent
20.0:update2204
trendmicrodeep_security_agent
20.0:update2395
trendmicrodeep_security_agent
20.0:update2593
trendmicrodeep_security_agent
20.0:update2740
trendmicrodeep_security_agent
20.0:update2921
trendmicrodeep_security_agent
20.0:update3165
trendmicrodeep_security_agent
20.0:update3288
trendmicrodeep_security_agent
20.0:update3445
trendmicrodeep_security_agent
20.0:update3770
trendmicrodeep_security_agent
20.0:update3964
trendmicrodeep_security_agent
20.0:update4185
trendmicrodeep_security_agent
20.0:update4416
trendmicrodeep_security_agent
20.0:update4726
trendmicrodeep_security_agent
20.0:update4959
trendmicrodeep_security_agent
20.0:update5137
trendmicrodeep_security_agent
20.0:update5394
trendmicrodeep_security_agent
20.0:update5512
trendmicrodeep_security_agent
20.0:update5761
trendmicrodeep_security_agent
20.0:update5953
trendmicrodeep_security_agent
20.0:update6313
trendmicrodeep_security_agent
20.0:update6658
trendmicrodeep_security_agent
20.0:update6912
trendmicrodeep_security_agent
20.0:update7119
trendmicrodeep_security_agent
20.0:update7303
trendmicrodeep_security_agent
20.0:update7476
trendmicrodeep_security_agent
20.0:update7719
trendmicrodeep_security_agent
20.0:update7943
trendmicrodeep_security_agent
20.0:update8137
trendmicrodeep_security_agent
20.0:update8268
trendmicrodeep_security_agent
20.0:update8438
trendmicrodeep_security_agent
20.0:update877
trendmicrodeep_security_agent
20.0.1:update690
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/dcx/s/solution/000298151
https://www.zerodayinitiative.com/advisories/ZDI-24-575/
https://success.trendmicro.com/dcx/s/solution/000298151
https://www.zerodayinitiative.com/advisories/ZDI-24-575/