CVE-2022-40142 An Apex One and Asa Service agent vulnerability could allow a local attacker to create a writable folder and escalate privileges.

On Trend Micros official cybersecurity blog, it was noted that an attacker could leverage a local privilege escalation vulnerability in an affected version of Trend Micros Apex One and Trend Micro Apex One as a Service agents to create a writable folder in an arbitrary location and escalate access privileges on the system. Trend Micro has identified a local privilege escalation vulnerability in the Trend Micro endpoint protection software that could allow an attacker to escalate access privileges on an affected system. An attacker could exploit this vulnerability to obtain elevated access rights to the affected system.

Vulnerability summary

Trend Micro has identified a local privilege escalation vulnerability in their endpoint protection software that could allow an attacker to escalate access privileges on an affected system.
An attacker would exploit this vulnerability by obtaining elevated access rights to the affected system.

Vulnerability overview

A local privilege escalation vulnerability in Trend Micros endpoint protection software could allow an attacker to escalate access privileges on a system. An attacker could exploit this vulnerability to obtain elevated access rights to the affected system.

Terminology

Privilege escalation: A privilege elevation that allows a process to gain access rights or execute actions that were previously impossible for the process.
Privilege elevation: Privilege elevation is the ability to take action on a system that was previously not possible for the process.
Privileged process: Process with elevated privileges on a system.

Timeline

Published on: 09/19/2022 18:15:00 UTC
Last modified on: 09/21/2022 13:51:00 UTC

References