CVE-2024-41183

EUVD-2024-38965
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
trend_micro_incvpn_consumer
5.8.1030 <
𝑥
< 5.8.1030
trendmicrovpn
𝑥
< 5.8.1030
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpcenter.trendmicro.com/en-us/article/tmka-14460
https://www.zerodayinitiative.com/advisories/ZDI-24-1022/
https://www.zerodayinitiative.com/advisories/ZDI-24-1023/