
Exploit
CVE-2023-52338

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Jan 23, 2024 / Updated: 10mo ago

CVSS 7.8 (High) / EPSS 0.05%

Summary

A vulnerability in Trend Micro Deep Security and Deep Security Agent allows local attackers to escalate privileges on affected installations. The flaw exists within the Trend Micro Anti-Malware Solution Platform. By creating a symbolic link, an attacker can abuse the service to delete a file, potentially leading to privilege escalation and arbitrary code execution in the context of SYSTEM.

Impact

This vulnerability has a high impact on system integrity, availability, and confidentiality. Successful exploitation could allow an attacker with low-level privileges to escalate to SYSTEM-level privileges, enabling them to execute arbitrary code with the highest level of access. This could lead to complete system compromise, including data theft, modification of critical system files, installation of malware, or disruption of services.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. Trend Micro has issued an update to correct this vulnerability. Details about the patch can be found at: https://success.trendmicro.com/solution/000296337

Mitigation

1. Apply the patch provided by Trend Micro as soon as possible.
2. Implement the principle of least privilege to minimize the potential impact of successful exploits.
3. Monitor and restrict local access to systems running Trend Micro Deep Security or Deep Security Agent.
4. Regularly audit file system permissions and symbolic links to detect any suspicious activity.
5. Keep all Trend Micro products and the underlying operating system up-to-date with the latest security patches.
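
One way to carry out the symbolic link audit in step 4, as an added example that is not from this page's sources or from Trend Micro: it walks a directory that a privileged service works in and reports every symbolic link (and NTFS junction, on Python 3.12+) whose target resolves outside that directory. The page does not name the affected path, so the `service_work` and `protected` directories and their files in `demo()` are constructed placeholders.

```python
import os
import tempfile
from pathlib import Path

def _is_link(path):
    # Symlinks on every platform; NTFS junctions where Python exposes the check (3.12+).
    isjunction = getattr(os.path, "isjunction", lambda p: False)
    return os.path.islink(path) or isjunction(path)

def find_escaping_links(root):
    """Return sorted (relative_link_path, resolved_target) pairs for every link
    under root whose target resolves outside root. Links are not descended into."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not _is_link(path):
                continue
            target = os.path.realpath(path)
            try:
                inside = os.path.commonpath([root_real, target]) == root_real
            except ValueError:  # e.g. target on another Windows drive
                inside = False
            if not inside:
                rel = Path(os.path.relpath(path, root_real)).as_posix()
                findings.append((rel, target))
        # Prune links so the walk never leaves the audited tree.
        dirnames[:] = [d for d in dirnames if not _is_link(os.path.join(dirpath, d))]
    return sorted(findings)

def demo():
    """Constructed sample tree: one link that stays inside, two that escape."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp, "service_work")       # hypothetical service working dir
        protected = Path(tmp, "protected")     # stands in for a privileged location
        (work / "sub").mkdir(parents=True)
        protected.mkdir()
        (work / "scan.log").write_text("ok")
        (protected / "target.dat").write_text("x")
        os.symlink(work / "scan.log", work / "sub" / "inner_link")
        os.symlink(protected / "target.dat", work / "pending.tmp")
        os.symlink(protected, work / "sub" / "dirlink", target_is_directory=True)
        return [link for link, _ in find_escaping_links(work)]

if __name__ == "__main__":
    for link in demo():
        print("link resolves outside audited tree:", link)
```

A link that legitimately points outside the audited tree is reported as well, so findings need to be compared against the known-good layout of the host.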

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article
Feedly found the first article mentioning CVE-2023-52338.
Jan 19, 2024 at 6:16 AM / ZDI: Published Advisories

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Jan 19, 2024 at 6:20 AM

CVE Assignment
NVD published the first details for CVE-2023-52338
Jan 23, 2024 at 1:15 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (379317)
Jan 24, 2024 at 12:00 AM

EPSS
EPSS Score was set to: 0.05% (Percentile: 12.6%)
Jan 31, 2024 at 2:40 PM

Affected Systems

Trendmicro/deep_security_agent

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-076/

Patches

success.trendmicro.com

Links to MITRE ATT&CK

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

Vendor Advisory

ZDI-24-076: Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

News

Multiple vulnerabilities in multiple Trend Micro products
Local privilege escalation due to a link following vulnerability - CVE-2023-52338 Apply the patch according to the information provided by the developer.
NA - CVE-2023-52338 - A link following vulnerability in the Trend...
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected...
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. CVE-2023-52338 originally published on CyberSecurityBoard
TREND MICRO, INC. TREND MICRO DEEP SECURITY AGENT CVE-2023-52338 CVE-2023-52338 A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. https://www.cve.org/CVERecord?id=CVE-2023-52338 https://success.trendmicro.com/dcx/s/solution/000296337?language=en_US https://www.zerodayinitiative.com/advisories/ZDI-24-076/ #TrendMicro,Inc. #TrendMicroDeepSecurityAgent #CVE_2023_52338 #bot
CVE-2023-52338
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
