Vulnerability in Trend Micro Deep Discovery Inspector Could Allow Sensitive Information Disclosure
CVE-2024-46902

9.1CRITICAL

Key Information:

Vendor: Trend Micro
Status: Deep Discovery Inspector
Vendor: CVE Published:; 22 October 2024

Summary

An identified vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above creates a potential for attackers to disclose sensitive information from compromised installations. To exploit this vulnerability, an attacker must first secure administrative user rights on the target system. This pre-requisite highlights the importance of controlling access to high-privilege accounts, as exploitation hinges on obtaining these elevated permissions. Organizations utilizing Trend Micro DDI should prioritize reviewing their security practices and user access controls to mitigate the risks associated with this vulnerability.

References

https://success.trendmicro.com/en-US/solution/KA-0017793

https://www.zerodayinitiative.com/advisories/ZDI-24-1227/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 22, 2024