ZDI-22-1296: Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Anti-Malware Solution Platform. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Deep Security Agent |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-22-1296?
The severity of ZDI-22-1296 is classified as high due to its ability to allow local privilege escalation.
How do I fix ZDI-22-1296?
To fix ZDI-22-1296, update Trend Micro Deep Security to the latest version provided by the vendor.
What systems are affected by ZDI-22-1296?
ZDI-22-1296 affects installations of Trend Micro Deep Security Agent.
Can an attacker exploit ZDI-22-1296 remotely?
No, an attacker must have local access to execute low-privileged code in order to exploit ZDI-22-1296.
What are the potential impacts of ZDI-22-1296?
The potential impacts of ZDI-22-1296 include unauthorized access and control over the affected system.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-1296
- alias/ZDI-CAN-15467
- alias/CVE-2022-40710
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/trend micro
- canonical/trend micro deep security agent