Arbitrary File Creation Vulnerability in Trend Micro Mobile Security
CVE-2023-32525

6.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Moibile Security For Enterprise
Vendor: CVE Published:; 26 June 2023

Summary

Trend Micro Mobile Security (Enterprise) 9.8 SP5 is susceptible to security vulnerabilities within its widget functionality, allowing a remote attacker the potential to create arbitrary files on systems where the software is installed. This exploitation requires the attacker to first execute low-privileged code on the target system, presenting a risk if the precondition is met. Understanding the implications of this vulnerability is crucial for maintaining security measures and ensuring that appropriate mitigations are in place.

Affected Version(s)

Trend Micro Moibile Security for Enterprise 9.8 SP5 < 9.8.3294

References

https://success.trendmicro.com/dcx/s/solution/000293106?l...

https://www.zerodayinitiative.com/advisories/ZDI-23-589/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
May 9, 2023