A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://success.trendmicro.com/solution/000290464 | Patch Vendor Advisory |
https://success.trendmicro.com/solution/000290486 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-370/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-02-23 19:15
Updated : 2022-03-03 06:13
NVD link : CVE-2022-24679
Mitre link : CVE-2022-24679
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
trendmicro
- apex_one
- worry-free_business_security_services
- worry-free_business_security
microsoft
- windows