Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23119

A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability.

Published

2022-01-20T19:15:07.907

Last Modified

2024-11-21T06:48:02.010

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	deep_security_agent	< 20.0.0-3445	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	10.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	11.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Application	trendmicro	deep_security_agent	12.0	Yes
Operating System	linux	linux_kernel	-	No

References

https://success.trendmicro.com/solution/000290104 Mitigation, Patch, Vendor Advisory ([email protected])
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt Exploit, Third Party Advisory ([email protected])
https://success.trendmicro.com/solution/000290104 Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)