CVE-2022-33158 - OpenCVE

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Vpn Proxy One Pro
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:trendmicro:vpn_proxy_one_pro:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/tmka-11042	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-853/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2022-07-29T23:15:23

Updated: 2022-07-29T23:15:23

Reserved: 2022-06-13T00:00:00

Link: CVE-2022-33158

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-30T00:15:08.630

Modified: 2022-08-10T12:39:43.773

Link: CVE-2022-33158

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"containers": {"cna": {"affected": [{"product": "Trend Micro VPN Proxy One Pro (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "5.2.1026 and below"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Permission Assignment", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T23:15:23", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11042"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-853/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2022-33158", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro VPN Proxy One Pro (Consumer)", "version": {"version_data": [{"version_value": "5.2.1026 and below"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Permission Assignment"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11042", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11042"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-853/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-853/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2022-33158", "datePublished": "2022-07-29T23:15:23", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2022-07-29T23:15:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}