CVE-2022-40709: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Wed Sep 28 2022(Updated: )
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.
Credit: security@trendmicro.com security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Deep Security Agent | ||
| Trend Micro Deep Security | =20.0 | |
| All of | ||
| Any of | ||
| Trend Micro Deep Security Agent | =20.0 | |
| Trend Micro Deep Security Agent | =20.0-update1337 | |
| Trend Micro Deep Security Agent | =20.0-update1559 | |
| Trend Micro Deep Security Agent | =20.0-update158 | |
| Trend Micro Deep Security Agent | =20.0-update167 | |
| Trend Micro Deep Security Agent | =20.0-update1681 | |
| Trend Micro Deep Security Agent | =20.0-update173 | |
| Trend Micro Deep Security Agent | =20.0-update180 | |
| Trend Micro Deep Security Agent | =20.0-update182 | |
| Trend Micro Deep Security Agent | =20.0-update1822 | |
| Trend Micro Deep Security Agent | =20.0-update183 | |
| Trend Micro Deep Security Agent | =20.0-update1876 | |
| Trend Micro Deep Security Agent | =20.0-update190 | |
| Trend Micro Deep Security Agent | =20.0-update198 | |
| Trend Micro Deep Security Agent | =20.0-update2009 | |
| Trend Micro Deep Security Agent | =20.0-update208 | |
| Trend Micro Deep Security Agent | =20.0-update213 | |
| Trend Micro Deep Security Agent | =20.0-update2204 | |
| Trend Micro Deep Security Agent | =20.0-update223 | |
| Trend Micro Deep Security Agent | =20.0-update224 | |
| Trend Micro Deep Security Agent | =20.0-update2419 | |
| Trend Micro Deep Security Agent | =20.0-update2593 | |
| Trend Micro Deep Security Agent | =20.0-update2740 | |
| Trend Micro Deep Security Agent | =20.0-update2921 | |
| Trend Micro Deep Security Agent | =20.0-update3165 | |
| Trend Micro Deep Security Agent | =20.0-update3288 | |
| Trend Micro Deep Security Agent | =20.0-update3445 | |
| Trend Micro Deep Security Agent | =20.0-update3530 | |
| Trend Micro Deep Security Agent | =20.0-update3771 | |
| Trend Micro Deep Security Agent | =20.0-update3964 | |
| Trend Micro Deep Security Agent | =20.0-update4185 | |
| Trend Micro Deep Security Agent | =20.0-update4416 | |
| Trend Micro Deep Security Agent | =20.0-update4726 | |
| Trend Micro Deep Security Agent | =20.0-update4959 | |
| Trend Micro Deep Security Agent | =20.0-update5137 | |
| Trend Micro Deep Security Agent | =20.0-update877 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40709?
CVE-2022-40709 is a vulnerability in Trend Micro Deep Security that allows local attackers to disclose sensitive information.
How can this vulnerability be exploited?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
What is the severity of CVE-2022-40709?
CVE-2022-40709 has a severity rating of medium, with a CVSS score of 4.4.
Which versions of Trend Micro Deep Security are affected?
Trend Micro Deep Security version 20.0 is affected by CVE-2022-40709.
How can I fix CVE-2022-40709?
To fix CVE-2022-40709, it is recommended to apply the latest security updates provided by Trend Micro.
- agent/references
- agent/type
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-1299
- alias/ZDI-CAN-16651
- alias/CVE-2022-40709
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- collector/nvd-api
- source/NVD
- vendor/trend micro
- canonical/trend micro deep security agent
- vendor/trendmicro
- canonical/trend micro deep security
- version/trend micro deep security/20.0
- version/trend micro deep security agent/20.0
- version/trend micro deep security agent/20.0-update1337
- version/trend micro deep security agent/20.0-update1559
- version/trend micro deep security agent/20.0-update158
- version/trend micro deep security agent/20.0-update167
- version/trend micro deep security agent/20.0-update1681
- version/trend micro deep security agent/20.0-update173
- version/trend micro deep security agent/20.0-update180
- version/trend micro deep security agent/20.0-update182
- version/trend micro deep security agent/20.0-update1822
- version/trend micro deep security agent/20.0-update183
- version/trend micro deep security agent/20.0-update1876
- version/trend micro deep security agent/20.0-update190
- version/trend micro deep security agent/20.0-update198
- version/trend micro deep security agent/20.0-update2009
- version/trend micro deep security agent/20.0-update208
- version/trend micro deep security agent/20.0-update213
- version/trend micro deep security agent/20.0-update2204
- version/trend micro deep security agent/20.0-update223
- version/trend micro deep security agent/20.0-update224
- version/trend micro deep security agent/20.0-update2419
- version/trend micro deep security agent/20.0-update2593
- version/trend micro deep security agent/20.0-update2740
- version/trend micro deep security agent/20.0-update2921
- version/trend micro deep security agent/20.0-update3165
- version/trend micro deep security agent/20.0-update3288
- version/trend micro deep security agent/20.0-update3445
- version/trend micro deep security agent/20.0-update3530
- version/trend micro deep security agent/20.0-update3771
- version/trend micro deep security agent/20.0-update3964
- version/trend micro deep security agent/20.0-update4185
- version/trend micro deep security agent/20.0-update4416
- version/trend micro deep security agent/20.0-update4726
- version/trend micro deep security agent/20.0-update4959
- version/trend micro deep security agent/20.0-update5137
- version/trend micro deep security agent/20.0-update877
- vendor/microsoft
- canonical/microsoft windows