CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33158 – Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-33158
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. Trend Micro VPN Proxy versiones 5.2.1026 y anteriores, contiene una vulnerabilidad relacionada con algunas carpetas demasiado permisivas en un directorio clave que podría permitir a un atacante local obtener una escalada de privilegios en un sistema afectado This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on a directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11042 https://www.zerodayinitiative.com/advisories/ZDI-22-853 • CWE-552: Files or Directories Accessible to External Parties •