PT-2022-21718 · Trend Micro · Trend Micro Vpn Proxy One Pro
Hashim Jawad
+1
·
Published
2022-06-16
·
Updated
2022-08-10
·
CVE-2022-33158
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Trend Micro VPN Proxy Pro versions 5.2.1026 and below
Description
The issue involves overly permissive folders in a key directory, which could allow a local attacker to obtain privilege escalation on an affected system.
Recommendations
For versions 5.2.1026 and below, consider restricting access to the key directory until a patch is available.
As a temporary workaround, review and adjust the permissions of the overly permissive folders to prevent local privilege escalation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Vpn Proxy One Pro