CVE-2022-23120

Summary

A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Trend MicroTrend Micro Deep Security Agent for Linux20, 12, 11, 10affected

Weaknesses

  • Code Injection LPE

ADP Enrichment

CVE Program Container

Additional References

References