Trend Micro Deep Security Flaw
Trend Micro has patched two high-severity vulnerabilities affecting some of its hybrid cloud security products. The flaws, tracked as CVE-2022-23119 and CVE-2022-23120, impact the Deep Security and Cloud One workload security solutions, specifically the Linux agent component.
The firm Modzero discovered the flaws, which were reported to Trend Micro in September; patches were released in October, November and December.
The Deep Security Agent for Linux is affected by a directory traversal vulnerability that could allow an attacker to read arbitrary files, and a code injection issue that could be exploited to escalate privileges and execute code as root. To do this, the attacker needs access to the targeted system, and exploitation is only possible if the agent has not been activated or configured.
A hardcoded default X.509 certificate and its corresponding private key are shipped with the agent software. The certificate is used for communications with the server before the agent is activated.
Vulnerabilities in Trend Micro products have been known to be exploited by malicious actors, particularly flaws in the cybersecurity firm’s Apex One products.