Vulnerability Details CVE-2022-23120
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
Products affected by CVE-2022-23120
-
cpe:2.3:a:trendmicro:deep_security_agent:10.0
-
cpe:2.3:a:trendmicro:deep_security_agent:11.0
-
cpe:2.3:a:trendmicro:deep_security_agent:12.0
-
cpe:2.3:a:trendmicro:deep_security_agent:20.0
-
cpe:2.3:o:linux:linux_kernel:-