Improper Link Resolution Before File Access ('Link Following') (CWE-59)
A vulnerability in Trend Micro Deep Security and Deep Security Agent allows local attackers to escalate privileges on affected installations. The flaw exists within the Trend Micro Anti-Malware Solution Platform. By creating a symbolic link, an attacker can abuse the service to delete a file, potentially leading to privilege escalation and arbitrary code execution in the context of SYSTEM.
This vulnerability has a high impact on system integrity, availability, and confidentiality. Successful exploitation could allow an attacker with low-level privileges to escalate to SYSTEM-level privileges, enabling them to execute arbitrary code with the highest level of access. This could lead to complete system compromise, including data theft, modification of critical system files, installation of malware, or disruption of services.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
A patch is available. Trend Micro has issued an update to correct this vulnerability. Details about the patch can be found at: https://success.trendmicro.com/solution/000296337
1. Apply the patch provided by Trend Micro as soon as possible.
2. Implement the principle of least privilege to minimize the potential impact of successful exploits.
3. Monitor and restrict local access to systems running Trend Micro Deep Security or Deep Security Agent.
4. Regularly audit file system permissions and symbolic links to detect any suspicious activity.
5. Keep all Trend Micro products and the underlying operating system up-to-date with the latest security patches.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2023-52338.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2023-52338
Detection for the vulnerability has been added to Qualys (379317)
EPSS Score was set to: 0.05% (Percentile: 12.6%)