A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/000290104 | Mitigation Patch Vendor Advisory |
https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-01-20 11:15
Updated : 2022-01-27 07:59
NVD link : CVE-2022-23120
Mitre link : CVE-2022-23120
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
trendmicro
- deep_security_agent
linux
- linux_kernel