Privilege Escalation Vulnerability in Trend Micro Deep Security Service
CVE-2019-18191

8.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Deep Security As A Service
Vendor: CVE Published:; 16 December 2019

Summary

A vulnerability exists in the Trend Micro Deep Security as a Service Quick Setup cloud formation template, allowing an authenticated entity with specific unrestricted AWS execution privileges to gain full privileges within the target AWS account. This escalation of privileges poses significant risks, enabling potential unauthorized actions within the AWS environment.

Affected Version(s)

Trend Micro Deep Security as a Service SaaS

References

https://success.trendmicro.com/solution/000157758

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2019
Vulnerability Reserved
Oct 17, 2019