CVE-2024-36473 - Vulnerability Details - OpenCVE

Description

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.

Published: 2024-06-10

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Trend Micro, Inc.

Trend Micro VPN Proxy One Pro

affected

Version	Status	Constraints
`5.8`	affected	< 5.8.1012

Configuration 1 [-]

cpe:2.3:a:trendmicro:vpn_proxy_one:*:*:pro:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-36110	Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0009.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-07247
https://www.zerodayinitiative.com/advisories/ZDI-24-585/

History

Wed, 30 Jul 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro vpn Proxy One
CPEs		cpe:2.3:a:trendmicro:vpn_proxy_one:::pro:::::*
Vendors & Products		Trendmicro Trendmicro vpn Proxy One

Sat, 29 Mar 2025 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-73

Subscriptions

Trendmicro Vpn Proxy One

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-06-10T21:22:16.960Z

Updated: 2025-03-28T23:46:05.938Z

Reserved: 2024-05-28T23:48:18.242Z

Link: CVE-2024-36473

Vulnrichment

Updated: 2024-08-02T03:37:05.369Z

NVD

Status : Analyzed

Published: 2024-06-10T22:15:11.997

Modified: 2025-07-30T18:40:36.057

Link: CVE-2024-36473

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-73

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36473", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2024-05-28T23:48:18.242Z", "datePublished": "2024-06-10T21:22:16.960Z", "dateUpdated": "2025-03-28T23:46:05.938Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro VPN Proxy One Pro", "versions": [{"version": "5.8", "status": "affected", "versionType": "semver", "lessThan": "5.8.1012"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-06-10T21:22:16.960Z"}, "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T19:04:01.120640Z", "id": "CVE-2024-36473", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T23:46:05.938Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.369Z"}, "title": "CVE Program Container", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.369Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36473", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T19:04:01.120640Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T19:04:11.805Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro VPN Proxy One Pro", "versions": [{"status": "affected", "version": "5.8", "lessThan": "5.8.1012", "versionType": "semver"}]}], "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-06-10T21:22:16.960Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36473", "state": "PUBLISHED", "dateUpdated": "2025-03-28T23:46:05.938Z", "dateReserved": "2024-05-28T23:48:18.242Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2024-06-10T21:22:16.960Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:vpn_proxy_one:*:*:pro:*:*:*:*:*", "matchCriteriaId": "71346F60-0453-48B5-AD2B-EBCCB4B758AA", "versionEndExcluding": "5.8.1025", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}, {"lang": "es", "value": "Trend Micro VPN Proxy One Pro, versi\u00f3n 5.8.1012 y anteriores es vulnerable a un ataque de creaci\u00f3n o sobrescritura de archivos arbitrario, pero est\u00e1 limitado a la denegaci\u00f3n de servicio (DoS) local y, en condiciones espec\u00edficas, puede provocar una elevaci\u00f3n de privilegios."}], "id": "CVE-2024-36473", "lastModified": "2025-07-30T18:40:36.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "security@trendmicro.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T22:15:11.997", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}