Release Date: June 15, 2022
Trend Micro Vulnerability Identifier: CVE-2022-33158
Platform(s): Microsoft Windows
Severity Rating: 7.8
Summary
Trend Micro has released a new version of Trend Micro VPN (consumer) that resolves an incorrect permission assignment local privilege escalation vulnerability.
Affected version(s)
PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | Version 5.2.1026 | Microsoft Windows | English |
Solution
Trend Micro has released a version to resolve this issue:
PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | Version 5.3.1056 | Microsoft Windows | English |
Vulnerability Details
Trend Micro VPN version 5.2.1026 and below contains a vulnerability in which some folders in a key directory are overly permissive, which could allow a local attacker to escalate privileges on an affected system.
Trend Micro has not received any reports of, and is not aware of, any actual attacks against the affected products related to this vulnerability at this time.
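To audit a host for the condition described above (folders writable by low-privileged accounts), an administrator can list allow entries that grant write-class rights to broad groups. This is an added example, not Trend Micro code; the advisory does not name the affected directory, so the path below is a placeholder, and the function name `Find-WeakFolderAcl` is hypothetical.

```powershell
# Added example. The advisory does not name the affected folder, so $Root is a placeholder.
function Find-WeakFolderAcl {
    param([Parameter(Mandatory)][string]$Root)

    # Well-known SIDs of broad, low-privileged groups (names vary by locale, SIDs do not).
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Rights that let the holder add, replace or re-permission content in a folder.
    $rights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = [int][System.Security.AccessControl.FileSystemRights]$rights
    # Raw GENERIC_WRITE and GENERIC_ALL bits, which can appear on inherit-only entries.
    $mask = $mask -bor 0x40000000 -bor 0x10000000

    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # unreadable ACL: skip rather than guess

        # Ask for SIDs directly so matching does not depend on name resolution.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $lowPriv.ContainsKey($sid) -and
                ([int]$rule.FileSystemRights -band $mask)) {
                [pscustomobject]@{
                    Folder    = $dir.FullName
                    Principal = $lowPriv[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Placeholder path: substitute the product's actual install or data directory.
Find-WeakFolderAcl -Root 'C:\Path\To\TrendMicroVPN' | Format-Table -AutoSize
```

The check reads allow entries only, so it does not account for deny entries or owner rights; any folder it reports should be reviewed, and the host updated to the fixed version listed under Solution.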
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Hashim Jawad (@ihack4falafel) with Trend Micro Zero Day Initiative.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
External Reference
- ZDI-CAN-16303