First published: Wed Sep 28 2022(Updated: )
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Credit: security@trendmicro.com security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Deep Security | =20.0 | |
All of | ||
Any of | ||
Trendmicro Deep Security Agent | =20.0 | |
Trendmicro Deep Security Agent | =20.0-update1337 | |
Trendmicro Deep Security Agent | =20.0-update1559 | |
Trendmicro Deep Security Agent | =20.0-update158 | |
Trendmicro Deep Security Agent | =20.0-update167 | |
Trendmicro Deep Security Agent | =20.0-update1681 | |
Trendmicro Deep Security Agent | =20.0-update173 | |
Trendmicro Deep Security Agent | =20.0-update180 | |
Trendmicro Deep Security Agent | =20.0-update182 | |
Trendmicro Deep Security Agent | =20.0-update1822 | |
Trendmicro Deep Security Agent | =20.0-update183 | |
Trendmicro Deep Security Agent | =20.0-update1876 | |
Trendmicro Deep Security Agent | =20.0-update190 | |
Trendmicro Deep Security Agent | =20.0-update198 | |
Trendmicro Deep Security Agent | =20.0-update2009 | |
Trendmicro Deep Security Agent | =20.0-update208 | |
Trendmicro Deep Security Agent | =20.0-update213 | |
Trendmicro Deep Security Agent | =20.0-update2204 | |
Trendmicro Deep Security Agent | =20.0-update223 | |
Trendmicro Deep Security Agent | =20.0-update224 | |
Trendmicro Deep Security Agent | =20.0-update2419 | |
Trendmicro Deep Security Agent | =20.0-update2593 | |
Trendmicro Deep Security Agent | =20.0-update2740 | |
Trendmicro Deep Security Agent | =20.0-update2921 | |
Trendmicro Deep Security Agent | =20.0-update3165 | |
Trendmicro Deep Security Agent | =20.0-update3288 | |
Trendmicro Deep Security Agent | =20.0-update3445 | |
Trendmicro Deep Security Agent | =20.0-update3530 | |
Trendmicro Deep Security Agent | =20.0-update3771 | |
Trendmicro Deep Security Agent | =20.0-update3964 | |
Trendmicro Deep Security Agent | =20.0-update4185 | |
Trendmicro Deep Security Agent | =20.0-update4416 | |
Trendmicro Deep Security Agent | =20.0-update4726 | |
Trendmicro Deep Security Agent | =20.0-update4959 | |
Trendmicro Deep Security Agent | =20.0-update5137 | |
Trendmicro Deep Security Agent | =20.0-update877 | |
Microsoft Windows | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-40710 is a vulnerability in Trend Micro Deep Security that allows local attackers to escalate privileges on affected installations.
CVE-2022-40710 has a severity rating of 7.8 (high).
The affected software is Trend Micro Deep Security version 20.0 (long-term support).
To exploit CVE-2022-40710, an attacker must first obtain the ability to execute low-privileged code on the target system.
Yes, it is recommended to update to the latest version of Trend Micro Deep Security to mitigate this vulnerability.