CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55955 – Trend Micro Deep Security Agent Incorrect Permissions Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-55955
31 Dec 2024 — An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security Agent. An attacker must first... • https://success.trendmicro.com/en-US/solution/KA-0018571 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51503 – Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-51503
19 Nov 2024 — A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally a... • https://success.trendmicro.com/en-US/solution/KA-0018154 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •