CVE-2022-23120

{"id": "CVE-2022-23120", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-01-20T19:15:07.957", "references": [{"url": "https://success.trendmicro.com/solution/000290104", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://www.modzero.com/advisories/MZ-21-02-Trendmicro.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trend Micro Deep Security y Cloud One - Workload Security Agent para Linux versi\u00f3n 20 y anteriores, podr\u00eda permitir a un atacante escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de root. Nota: un atacante debe obtener primero acceso al agente de destino en un estado no activado y no configurado para poder explotar esta vulnerabilidad"}], "lastModified": "2022-01-27T15:59:38.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:*:*:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B0C257E3-8965-419B-A1CF-A36A0694E772", "versionEndExcluding": "20.0.0-3445", "versionStartIncluding": "20.0"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:-:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "321EB924-8AD5-4BA2-808A-25F802B675B5"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update1:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "09B1BB7D-D806-43B6-B9C4-D7996545C92D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update10:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "FC319EA4-53C8-4DE2-AA77-AF51EF8EE2C2"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update11:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E75B8D37-71C4-46D8-BDEA-4092D3EA422A"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update12:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "43976B40-11D5-43AB-9204-6D749204121B"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update13:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D52AB1-7932-4257-A779-76A10FBEE4A7"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update14:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "BD9BD10B-BE86-47AC-AB0C-A107A066B234"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update15:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "36FED81B-AE50-42EB-9F86-37EF97C9453F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update16:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B7410926-0A0F-4D7D-93AE-11812B0BFAF5"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update17:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E28EE556-D322-4B03-9C8B-F6DE9A73E3F7"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update18:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A009F12A-125E-4B4C-ABAD-AFDF52AC9E33"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update19:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "3A165D79-C3B8-453B-B845-FE7C75FCD887"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update2:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "42B6F868-C72D-49D1-B70F-25F6BDCD9A4A"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update20:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "7130DB44-4550-4D28-8114-2C89C7490C9C"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update21:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "283217E3-921F-407C-B08A-5D71C4A39AC7"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update22:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "353D2026-D8DA-4C4B-A933-6BF33C85751E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update23:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1DCC0C-E834-436F-8FB1-BD3E857FDCF3"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update24:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "EC19A050-324B-427A-BE1C-B9030A07DB7E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update25:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E06D04C4-B1F2-4CC0-BD7D-1125001A2211"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update26:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "14E90A61-DEC5-4EF0-BFD2-6740F20A8E5F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update27:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "0FACE806-A137-4F32-A975-A0DCC7613252"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update28:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "BDB1F56A-D134-49D8-88D0-F9E80E2051FC"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update29:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "EEC17CCA-83FF-45D3-9CDB-27C5E1FA1D28"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update3:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "03AC8F33-76DE-4159-8FB8-2552D420083A"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update30:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "661512DC-94BF-4033-BCCF-CEB0B4CF30CC"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update31:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "7DBDF5F7-124B-4776-9803-6A03FEDB2075"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update4:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F0D3A45A-1D11-45E0-92D3-E7398CB049E1"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update5:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "C22891AE-781F-4212-B1D3-9E4F5FB0C14E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update6:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A71E3B80-F9A9-45F6-95F5-B6B352FAC27D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update7:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "16AAC654-6F7E-4557-B03C-1EAD8C6ABB1F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update8:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "6E3B910C-0D6E-4E4A-BB0D-40A540AC3F06"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:10.0:update9:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "12A1E116-286E-4A47-A44E-360EEA8880AD"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:-:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E943BEB7-FE23-46EA-ADF0-7F98A4B3CA47"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update1:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F88232D0-FEEF-485D-B1C9-221C4E967194"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update10:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "7C108DC0-117F-46ED-9A72-D876D8203A80"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update11:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F67BDB9D-A5B8-4510-8C1D-963BBFF2DCA2"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update12:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "1DBFF14B-08E0-4A49-8A74-919F3A5A3D4F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update13:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B909B6D7-52B8-4165-9864-3A05F25EC25C"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update14:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "3B642F2C-D882-418E-8A24-6BD8C40DF42E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update15:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A78B7332-7A88-4BC3-9816-60438392C96D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update16:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B53E159E-9723-4AA2-AA30-B20FB8BE1823"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update17:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "8BBC6429-3B3A-4CB2-9829-F0B3DEE23CC6"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update18:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "D55E7CCF-A94E-469A-95EC-37D378AAFB62"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update19:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "CB6149B2-EDDA-4AB0-B089-5F165776194E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update2:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E14C97A1-E3A1-44E4-9400-D2338809857A"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update20:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "E9CA17B2-29B0-440E-9941-A286F11D3FBD"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update21:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "C2DF06E1-A427-4F8C-B317-9BD4DF53BB75"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update22:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B5660651-78FC-4EB3-9C63-02AE21098F20"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update23:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "84CB2D0C-D84D-420C-9BB7-1744F9D106D2"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update24:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "5E889298-AF8C-41FB-9130-5E977D4A9F5D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update25:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "519FABA6-389D-4F7A-994A-0B6840FC01D8"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update26:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "2BABC000-62AE-48EA-952E-E2735702C5FF"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update27:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "60502D21-2275-4A71-A1C3-E9F7730DC26F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update3:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F0A6CCFE-B2ED-495C-BAA7-6EBD86DB4DEB"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update4:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "625C44C4-6753-43F4-BD40-BC7B0BD4D063"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update5:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A0A04ED2-5ED5-46E3-BE03-79AD3B31F08F"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update6:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "8677CC3F-D1C5-493F-9078-3C47DE38C3C1"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update7:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F7D02C0C-CCA6-45DB-A3CC-8CB3454FE4DA"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update8:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "08C0A5A4-5F01-4DDE-84A2-816DEAA2CF3B"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:11.0:update9:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "3807FB6F-B75B-425D-BF5F-0B6C2501908E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:-:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "7D8B777A-D631-476A-B161-D704F25A9BD5"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update1:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "F2239884-756F-4032-BC83-38969192C062"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update10:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "C85FB7B4-15AB-4D71-B8E4-FD72BCA47943"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update11:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "EEBC3261-6785-494A-AF69-9B9E92C1C449"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update12:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDE013F-B4E8-433C-BD95-E6578E8B6E2A"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update13:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "1BD1467E-E658-4F27-8123-6C27C99E95A1"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update14:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A9611071-E484-4F32-8F18-FD299A60E335"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update15:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "D65290CE-9638-45C4-96F9-C0B676FAA834"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update16:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "D257AA23-A28F-4110-819F-7D0F246DD2DA"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update17:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F8542C-ED04-483C-AB27-D4FE55558951"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update18:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "2616E2DF-8FB3-4B8C-B329-334D794242E5"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update19:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9471AE-E7C2-4789-907D-EC5F1195431E"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update2:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "4CB292C1-9467-4987-B670-927287503F46"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update20:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "0418BDF2-673B-40CF-BC64-7C4C24AA72FE"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update21:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "14370D4B-5141-4581-8F92-7F9BDB885282"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update3:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "2D2D0C04-948C-4B24-A6EC-FB54A57077F9"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update4:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "6F454D5A-1C03-42F6-8639-FC550F5D8B48"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update5:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "1A824F50-CB92-4FE2-B097-C4DD9E8D65FB"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update6:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "DB62D225-22C1-4452-856A-EFE31CC6FA0D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update7:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "FD084BE9-D333-4495-874D-4E7DF892494D"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update8:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "B1CB2EC1-3CEF-4033-A6BB-328D53752BEC"}, {"criteria": "cpe:2.3:a:trendmicro:deep_security_agent:12.0:update9:*:*:long_term_support:*:*:*", "vulnerable": true, "matchCriteriaId": "ED56C9F2-19A4-4E1E-BF02-8E192415E09F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@trendmicro.com"}