Incorrect Permissions Assignment in Trend Micro Deep Security Agents
CVE-2024-55955

6.7MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Deep Security
Vendor: CVE Published:; 31 December 2024

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2024-55955?

The vulnerability in Trend Micro Deep Security 20.0 agents arises from incorrect permissions assignment, affecting versions between 20.0.1-9400 and 20.0.1-23340. This flaw permits local attackers, who have already executed low-privileged code, to escalate their privileges on compromised installations. Remedial actions are essential to ensure that security configurations are correctly set to mitigate potential exploitation risks.

Affected Version(s)

Trend Micro Deep Security 20 < 20.0.1-23340

References

https://success.trendmicro.com/en-US/solution/KA-0018571

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 13, 2024