CVE-2022-23120 - Vulnerability Details

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Trendmicro	Deep Security Agent

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:deep_security_agent:::::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:::long_term_support:::*
	cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:::long_term_support:::*
cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:::long_term_support:::*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://success.trendmicro.com/solution/000290104
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2022-01-20T18:11:18

Updated: 2024-08-03T03:36:19.169Z

Reserved: 2022-01-11T00:00:00

Link: CVE-2022-23120

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-20T19:15:07.957

Modified: 2024-11-21T06:48:02.167

Link: CVE-2022-23120

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Trend Micro Deep Security Agent for Linux", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "20, 12, 11, 10"}]}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Code Injection LPE", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-20T18:11:18", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://success.trendmicro.com/solution/000290104"}, {"tags": ["x_refsource_MISC"], "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2022-23120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Deep Security Agent for Linux", "version": {"version_data": [{"version_value": "20, 12, 11, 10"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection LPE"}]}]}, "references": {"reference_data": [{"name": "https://success.trendmicro.com/solution/000290104", "refsource": "MISC", "url": "https://success.trendmicro.com/solution/000290104"}, {"name": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt", "refsource": "MISC", "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:19.169Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://success.trendmicro.com/solution/000290104"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"}]}]}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2022-23120", "datePublished": "2022-01-20T18:11:18", "dateReserved": "2022-01-11T00:00:00", "dateUpdated": "2024-08-03T03:36:19.169Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*", "matchCriteriaId": "B0C257E3-8965-419B-A1CF-A36A0694E772", "versionEndExcluding": "20.0.0-3445", "versionStartIncluding": "20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*", "matchCriteriaId": "321EB924-8AD5-4BA2-808A-25F802B675B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*", "matchCriteriaId": "09B1BB7D-D806-43B6-B9C4-D7996545C92D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*", "matchCriteriaId": "FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*", "matchCriteriaId": "E75B8D37-71C4-46D8-BDEA-4092D3EA422A", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*", "matchCriteriaId": "43976B40-11D5-43AB-9204-6D749204121B", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*", "matchCriteriaId": "F3D52AB1-7932-4257-A779-76A10FBEE4A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*", "matchCriteriaId": "BD9BD10B-BE86-47AC-AB0C-A107A066B234", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*", "matchCriteriaId": "36FED81B-AE50-42EB-9F86-37EF97C9453F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*", "matchCriteriaId": "B7410926-0A0F-4D7D-93AE-11812B0BFAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*", "matchCriteriaId": "E28EE556-D322-4B03-9C8B-F6DE9A73E3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*", "matchCriteriaId": "A009F12A-125E-4B4C-ABAD-AFDF52AC9E33", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*", "matchCriteriaId": "3A165D79-C3B8-453B-B845-FE7C75FCD887", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*", "matchCriteriaId": "42B6F868-C72D-49D1-B70F-25F6BDCD9A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*", "matchCriteriaId": "7130DB44-4550-4D28-8114-2C89C7490C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*", "matchCriteriaId": "283217E3-921F-407C-B08A-5D71C4A39AC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*", "matchCriteriaId": "353D2026-D8DA-4C4B-A933-6BF33C85751E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*", "matchCriteriaId": "BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*", "matchCriteriaId": "EC19A050-324B-427A-BE1C-B9030A07DB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*", "matchCriteriaId": "E06D04C4-B1F2-4CC0-BD7D-1125001A2211", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*", "matchCriteriaId": "14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*", "matchCriteriaId": "0FACE806-A137-4F32-A975-A0DCC7613252", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*", "matchCriteriaId": "BDB1F56A-D134-49D8-88D0-F9E80E2051FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*", "matchCriteriaId": "EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*", "matchCriteriaId": "03AC8F33-76DE-4159-8FB8-2552D420083A", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*", "matchCriteriaId": "661512DC-94BF-4033-BCCF-CEB0B4CF30CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*", "matchCriteriaId": "7DBDF5F7-124B-4776-9803-6A03FEDB2075", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*", "matchCriteriaId": "F0D3A45A-1D11-45E0-92D3-E7398CB049E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*", "matchCriteriaId": "C22891AE-781F-4212-B1D3-9E4F5FB0C14E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*", "matchCriteriaId": "A71E3B80-F9A9-45F6-95F5-B6B352FAC27D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*", "matchCriteriaId": "16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*", "matchCriteriaId": "6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*", "matchCriteriaId": "12A1E116-286E-4A47-A44E-360EEA8880AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*", "matchCriteriaId": "E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*", "matchCriteriaId": "F88232D0-FEEF-485D-B1C9-221C4E967194", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*", "matchCriteriaId": "7C108DC0-117F-46ED-9A72-D876D8203A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*", "matchCriteriaId": "F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*", "matchCriteriaId": "1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*", "matchCriteriaId": "B909B6D7-52B8-4165-9864-3A05F25EC25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*", "matchCriteriaId": "3B642F2C-D882-418E-8A24-6BD8C40DF42E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*", "matchCriteriaId": "A78B7332-7A88-4BC3-9816-60438392C96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*", "matchCriteriaId": "B53E159E-9723-4AA2-AA30-B20FB8BE1823", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*", "matchCriteriaId": "8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*", "matchCriteriaId": "D55E7CCF-A94E-469A-95EC-37D378AAFB62", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*", "matchCriteriaId": "CB6149B2-EDDA-4AB0-B089-5F165776194E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*", "matchCriteriaId": "E14C97A1-E3A1-44E4-9400-D2338809857A", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*", "matchCriteriaId": "E9CA17B2-29B0-440E-9941-A286F11D3FBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*", "matchCriteriaId": "C2DF06E1-A427-4F8C-B317-9BD4DF53BB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*", "matchCriteriaId": "B5660651-78FC-4EB3-9C63-02AE21098F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*", "matchCriteriaId": "84CB2D0C-D84D-420C-9BB7-1744F9D106D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*", "matchCriteriaId": "5E889298-AF8C-41FB-9130-5E977D4A9F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*", "matchCriteriaId": "519FABA6-389D-4F7A-994A-0B6840FC01D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*", "matchCriteriaId": "2BABC000-62AE-48EA-952E-E2735702C5FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*", "matchCriteriaId": "60502D21-2275-4A71-A1C3-E9F7730DC26F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*", "matchCriteriaId": "F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*", "matchCriteriaId": "625C44C4-6753-43F4-BD40-BC7B0BD4D063", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*", "matchCriteriaId": "A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*", "matchCriteriaId": "8677CC3F-D1C5-493F-9078-3C47DE38C3C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*", "matchCriteriaId": "F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*", "matchCriteriaId": "08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*", "matchCriteriaId": "3807FB6F-B75B-425D-BF5F-0B6C2501908E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*", "matchCriteriaId": "7D8B777A-D631-476A-B161-D704F25A9BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*", "matchCriteriaId": "F2239884-756F-4032-BC83-38969192C062", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*", "matchCriteriaId": "C85FB7B4-15AB-4D71-B8E4-FD72BCA47943", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*", "matchCriteriaId": "EEBC3261-6785-494A-AF69-9B9E92C1C449", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*", "matchCriteriaId": "4BDE013F-B4E8-433C-BD95-E6578E8B6E2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*", "matchCriteriaId": "1BD1467E-E658-4F27-8123-6C27C99E95A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*", "matchCriteriaId": "A9611071-E484-4F32-8F18-FD299A60E335", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*", "matchCriteriaId": "D65290CE-9638-45C4-96F9-C0B676FAA834", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*", "matchCriteriaId": "D257AA23-A28F-4110-819F-7D0F246DD2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*", "matchCriteriaId": "A9F8542C-ED04-483C-AB27-D4FE55558951", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*", "matchCriteriaId": "2616E2DF-8FB3-4B8C-B329-334D794242E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*", "matchCriteriaId": "9C9471AE-E7C2-4789-907D-EC5F1195431E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*", "matchCriteriaId": "4CB292C1-9467-4987-B670-927287503F46", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*", "matchCriteriaId": "0418BDF2-673B-40CF-BC64-7C4C24AA72FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*", "matchCriteriaId": "14370D4B-5141-4581-8F92-7F9BDB885282", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*", "matchCriteriaId": "2D2D0C04-948C-4B24-A6EC-FB54A57077F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*", "matchCriteriaId": "6F454D5A-1C03-42F6-8639-FC550F5D8B48", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*", "matchCriteriaId": "1A824F50-CB92-4FE2-B097-C4DD9E8D65FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*", "matchCriteriaId": "DB62D225-22C1-4452-856A-EFE31CC6FA0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*", "matchCriteriaId": "FD084BE9-D333-4495-874D-4E7DF892494D", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*", "matchCriteriaId": "B1CB2EC1-3CEF-4033-A6BB-328D53752BEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*", "matchCriteriaId": "ED56C9F2-19A4-4E1E-BF02-8E192415E09F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de root. Nota: un atacante debe obtener primero acceso al agente de destino en un estado no activado y no configurado para poder explotar esta vulnerabilidad"}], "id": "CVE-2022-23120", "lastModified": "2024-11-21T06:48:02.167", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-20T19:15:07.957", "references": [{"source": "security@trendmicro.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000290104"}, {"source": "security@trendmicro.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://success.trendmicro.com/solution/000290104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object