Release Date: May 28, 2024

Trend Micro Vulnerability Identifier: CVE-2024-36473

Platform(s): Windows 10 or higher

Summary

Trend Micro has released a new version of Trend Micro VPN. This update addresses a vulnerability that previously allowed local Denial of Service (DoS) and Privilege Escalation under special circumstances due to vulnerable HTTP endpoints exposed to users.

Affected version(s)

PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S)
Trend Micro VPN | 5.8.1012 and below | Windows 10 | English

Solution

PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S)
Trend Micro VPN | 5.8.1025 | Windows 10 | English

Vulnerability Details

Trend Micro VPN versions 5.8.1012 and below are vulnerable to an arbitrary file overwrite or creation attack. The impact is limited to local Denial of Service (DoS), and under specific conditions it can lead to elevation of privileges.

Trend Micro has received no reports of, and is not aware of, any actual attacks against the affected products related to this vulnerability at this time.

Mitigating Factors

None identified. Customers are advised to ensure they always have the latest version of the program.

Acknowledgement

Trend Micro would like to thank Hashim Jawad (@ihack4falafel) working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

External Reference

  • ZDI-CAN-22715