Описание
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
Ссылки
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
Уязвимость средства антивирусной защиты Trend Micro Deep Security Agent операционных систем Windows, связанная с непринятием мер по нейтрализации специальных элементов, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
8 High
CVSS3
8.8 High
CVSS3