cvelistv5 - cve-2022-23120

cve-2022-23120

Vulnerability from cvelistv5

Published

2022-01-20 18:11

Modified

2024-08-03 03:36

Severity ?

Summary

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.

References

▼	URL	Tags
	security@trendmicro.com	https://success.trendmicro.com/solution/000290104	Mitigation, Patch, Vendor Advisory
	security@trendmicro.com	https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt	Exploit, Third Party Advisory

Impacted products

▼	Vendor	Product
	Trend Micro	Trend Micro Deep Security Agent for Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://success.trendmicro.com/solution/000290104"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Deep Security Agent for Linux",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "20, 12, 11, 10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection LPE",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-20T18:11:18",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://success.trendmicro.com/solution/000290104"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-23120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Deep Security Agent for Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "20, 12, 11, 10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection LPE"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290104",
              "refsource": "MISC",
              "url": "https://success.trendmicro.com/solution/000290104"
            },
            {
              "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
              "refsource": "MISC",
              "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2022-23120",
    "datePublished": "2022-01-20T18:11:18",
    "dateReserved": "2022-01-11T00:00:00",
    "dateUpdated": "2024-08-03T03:36:19.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23120\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2022-01-20T19:15:07.957\",\"lastModified\":\"2022-01-27T15:59:38.667\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de root. Nota: un atacante debe obtener primero acceso al agente de destino en un estado no activado y no configurado para poder explotar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*\",\"versionStartIncluding\":\"20.0\",\"versionEndExcluding\":\"20.0.0-3445\",\"matchCriteriaId\":\"B0C257E3-8965-419B-A1CF-A36A0694E772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"321EB924-8AD5-4BA2-808A-25F802B675B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"09B1BB7D-D806-43B6-B9C4-D7996545C92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E75B8D37-71C4-46D8-BDEA-4092D3EA422A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"43976B40-11D5-43AB-9204-6D749204121B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F3D52AB1-7932-4257-A779-76A10FBEE4A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BD9BD10B-BE86-47AC-AB0C-A107A066B234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"36FED81B-AE50-42EB-9F86-37EF97C9453F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B7410926-0A0F-4D7D-93AE-11812B0BFAF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E28EE556-D322-4B03-9C8B-F6DE9A73E3F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A009F12A-125E-4B4C-ABAD-AFDF52AC9E33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3A165D79-C3B8-453B-B845-FE7C75FCD887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"42B6F868-C72D-49D1-B70F-25F6BDCD9A4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7130DB44-4550-4D28-8114-2C89C7490C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"283217E3-921F-407C-B08A-5D71C4A39AC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"353D2026-D8DA-4C4B-A933-6BF33C85751E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EC19A050-324B-427A-BE1C-B9030A07DB7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E06D04C4-B1F2-4CC0-BD7D-1125001A2211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0FACE806-A137-4F32-A975-A0DCC7613252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"BDB1F56A-D134-49D8-88D0-F9E80E2051FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"03AC8F33-76DE-4159-8FB8-2552D420083A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"661512DC-94BF-4033-BCCF-CEB0B4CF30CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7DBDF5F7-124B-4776-9803-6A03FEDB2075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F0D3A45A-1D11-45E0-92D3-E7398CB049E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C22891AE-781F-4212-B1D3-9E4F5FB0C14E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A71E3B80-F9A9-45F6-95F5-B6B352FAC27D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"12A1E116-286E-4A47-A44E-360EEA8880AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F88232D0-FEEF-485D-B1C9-221C4E967194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7C108DC0-117F-46ED-9A72-D876D8203A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B909B6D7-52B8-4165-9864-3A05F25EC25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3B642F2C-D882-418E-8A24-6BD8C40DF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A78B7332-7A88-4BC3-9816-60438392C96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B53E159E-9723-4AA2-AA30-B20FB8BE1823\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D55E7CCF-A94E-469A-95EC-37D378AAFB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"CB6149B2-EDDA-4AB0-B089-5F165776194E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E14C97A1-E3A1-44E4-9400-D2338809857A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"E9CA17B2-29B0-440E-9941-A286F11D3FBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C2DF06E1-A427-4F8C-B317-9BD4DF53BB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B5660651-78FC-4EB3-9C63-02AE21098F20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"84CB2D0C-D84D-420C-9BB7-1744F9D106D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"5E889298-AF8C-41FB-9130-5E977D4A9F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"519FABA6-389D-4F7A-994A-0B6840FC01D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2BABC000-62AE-48EA-952E-E2735702C5FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"60502D21-2275-4A71-A1C3-E9F7730DC26F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"625C44C4-6753-43F4-BD40-BC7B0BD4D063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"8677CC3F-D1C5-493F-9078-3C47DE38C3C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"3807FB6F-B75B-425D-BF5F-0B6C2501908E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"7D8B777A-D631-476A-B161-D704F25A9BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"F2239884-756F-4032-BC83-38969192C062\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"C85FB7B4-15AB-4D71-B8E4-FD72BCA47943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"EEBC3261-6785-494A-AF69-9B9E92C1C449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4BDE013F-B4E8-433C-BD95-E6578E8B6E2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1BD1467E-E658-4F27-8123-6C27C99E95A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A9611071-E484-4F32-8F18-FD299A60E335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D65290CE-9638-45C4-96F9-C0B676FAA834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"D257AA23-A28F-4110-819F-7D0F246DD2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"A9F8542C-ED04-483C-AB27-D4FE55558951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2616E2DF-8FB3-4B8C-B329-334D794242E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"9C9471AE-E7C2-4789-907D-EC5F1195431E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"4CB292C1-9467-4987-B670-927287503F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"0418BDF2-673B-40CF-BC64-7C4C24AA72FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"14370D4B-5141-4581-8F92-7F9BDB885282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"2D2D0C04-948C-4B24-A6EC-FB54A57077F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"6F454D5A-1C03-42F6-8639-FC550F5D8B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"1A824F50-CB92-4FE2-B097-C4DD9E8D65FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"DB62D225-22C1-4452-856A-EFE31CC6FA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"FD084BE9-D333-4495-874D-4E7DF892494D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"B1CB2EC1-3CEF-4033-A6BB-328D53752BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*\",\"matchCriteriaId\":\"ED56C9F2-19A4-4E1E-BF02-8E192415E09F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/solution/000290104\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

gsd-2022-23120

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-23120

Aliases

CVE-2022-23120

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23120",
    "description": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.",
    "id": "GSD-2022-23120"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23120"
      ],
      "details": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.",
      "id": "GSD-2022-23120",
      "modified": "2023-12-13T01:19:34.955968Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2022-23120",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Deep Security Agent for Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "20, 12, 11, 10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Code Injection LPE"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://success.trendmicro.com/solution/000290104",
            "refsource": "MISC",
            "url": "https://success.trendmicro.com/solution/000290104"
          },
          {
            "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
            "refsource": "MISC",
            "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "20.0.0-3445",
                    "versionStartIncluding": "20.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2022-23120"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://success.trendmicro.com/solution/000290104",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://success.trendmicro.com/solution/000290104"
            },
            {
              "name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-01-27T15:59Z",
      "publishedDate": "2022-01-20T19:15Z"
    }
  }
}

cve-2022-23120

Vulnerability from jvndb

Published

2022-01-25 13:35

Modified

2022-01-25 13:35

Severity ?

7.0 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux

Details

Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. * Directory Traversal (CWE-22) - CVE-2022-23119 * Code Injection (CWE-94) - CVE-2022-23120 As of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU95024141/
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23119
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-23120
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23119
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23120
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Trend Micro, Inc.	Cloud One Workload Security
	Trend Micro, Inc.	Deep Security Agent

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
  "dc:date": "2022-01-25T13:35+09:00",
  "dcterms:issued": "2022-01-25T13:35+09:00",
  "dcterms:modified": "2022-01-25T13:35+09:00",
  "description": "Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below.\r\n\r\n  * Directory Traversal (CWE-22) - CVE-2022-23119\r\n  * Code Injection (CWE-94) - CVE-2022-23120\r\n\r\nAs of 2022 January 24, a Proof-of-Concept (PoC) code exploiting these vulnerabilities have already been made public.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001097.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:cloud_one_workload_security",
      "@product": "Cloud One Workload Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security_agent",
      "@product": "Deep Security Agent",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-001097",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95024141/",
      "@id": "JVNVU#95024141",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-23119",
      "@id": "CVE-2022-23119",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-23120",
      "@id": "CVE-2022-23120",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23119",
      "@id": "CVE-2022-23119",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-23120",
      "@id": "CVE-2022-23120",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux"
}

ghsa-gpqg-9388-qcwr

Vulnerability from github

Published

2022-01-21 00:00

Modified

2022-01-28 00:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-23120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-20T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.",
  "id": "GHSA-gpqg-9388-qcwr",
  "modified": "2022-01-28T00:03:57Z",
  "published": "2022-01-21T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23120"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000290104"
    },
    {
      "type": "WEB",
      "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2022-23120

Vulnerability from cvelistv5

gsd-2022-23120

Vulnerability from gsd

cve-2022-23120

Vulnerability from jvndb

ghsa-gpqg-9388-qcwr

Vulnerability from github

Tags