Release Date: May 28, 2024
Trend Micro Vulnerability Identifier: CVE-2024-36473
Platform(s): Windows 10 or higher
Summary
Trend Micro has released a new version of Trend Micro VPN. This update addresses a vulnerability that previously allowed local Denial of Service (DoS) and Privilege Escalation under special circumstances due to vulnerable HTTP endpoints exposed to users.
Affected version(s)
PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | 5.8.1012 and below | Windows 10 | English |
Solution
PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | 5.8.1025 | Windows 10 | English |
Vulnerability Details
Trend Micro VPN version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or creation attack. The impact is limited to local Denial of Service (DoS) and, under specific conditions, elevation of privileges.
Trend Micro has not received any reports of, and is not aware of, any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Hashim Jawad (@ihack4falafel) working with Trend Micro's Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
External Reference
- ZDI-CAN-22715