Search criteria
2 vulnerabilities found for vpn by trendmicro
CVE-2024-41183 (GCVE-0-2024-41183)
Vulnerability from nvd – Published: 2024-10-22 18:26 – Updated: 2025-03-13 16:17
VLAI
Summary
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | Trend Micro VPN (consumer) |
Affected:
5.8 , < 5.8.1030
(semver)
|
|
| trend_micro_inc | vpn_consumer |
Affected:
5.8 , < 5.8.1030
(semver)
cpe:2.3:a:trend_micro_inc:vpn_consumer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:vpn_consumer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vpn_consumer",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "5.8.1030",
"status": "affected",
"version": "5.8",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T19:26:23.095093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:17:49.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro VPN (consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "5.8.1030",
"status": "affected",
"version": "5.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T18:26:51.474Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-14460"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1023/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1022/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-41183",
"datePublished": "2024-10-22T18:26:51.474Z",
"dateReserved": "2024-07-17T20:20:43.333Z",
"dateUpdated": "2025-03-13T16:17:49.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41183 (GCVE-0-2024-41183)
Vulnerability from cvelistv5 – Published: 2024-10-22 18:26 – Updated: 2025-03-13 16:17
VLAI
Summary
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Trend Micro, Inc. | Trend Micro VPN (consumer) |
Affected:
5.8 , < 5.8.1030
(semver)
|
|
| trend_micro_inc | vpn_consumer |
Affected:
5.8 , < 5.8.1030
(semver)
cpe:2.3:a:trend_micro_inc:vpn_consumer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:vpn_consumer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vpn_consumer",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "5.8.1030",
"status": "affected",
"version": "5.8",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T19:26:23.095093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:17:49.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro VPN (consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "5.8.1030",
"status": "affected",
"version": "5.8",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T18:26:51.474Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-14460"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1023/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1022/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2024-41183",
"datePublished": "2024-10-22T18:26:51.474Z",
"dateReserved": "2024-07-17T20:20:43.333Z",
"dateUpdated": "2025-03-13T16:17:49.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}