CVE-2024-41183

Name of the Vulnerable Software and Affected Versions Trend Micro VPN versions 5.8.1012 and below Trend Micro VPN Proxy One Pro (affected versions not specified)

Description The issue is related to incorrect link resolution before accessing a file in the DEP Manager component of Trend Micro VPN Proxy One Pro for Windows. This can allow an attacker to elevate their privileges under specific conditions. The vulnerability may lead to arbitrary file overwrite, resulting in privilege escalation.

Recommendations For Trend Micro VPN versions 5.8.1012 and below, update to a version above 5.8.1012 to resolve the issue. For Trend Micro VPN Proxy One Pro, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.