Incorrect Permissions Assignment in Trend Micro Deep Security Agents
CVE-2024-55955

6.7MEDIUM

Key Information:

Vendor
Trend Micro
Status
Trend Micro Deep Security
Vendor
CVE Published:
31 December 2024

Summary

The vulnerability in Trend Micro Deep Security 20.0 agents arises from incorrect permissions assignment, affecting versions between 20.0.1-9400 and 20.0.1-23340. This flaw permits local attackers, who have already executed low-privileged code, to escalate their privileges on compromised installations. Remedial actions are essential to ensure that security configurations are correctly set to mitigate potential exploitation risks.

Affected Version(s)

Trend Micro Deep Security 20 < 20.0.1-23340

References

https://success.trendmicro.com/en-US/solution/KA-0018571

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.