Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-15627Link Following in Micro Deep Security Agent

CWE-59Link Following4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.8%
top 26.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Deep Security AgentTrendmicro Deep Security
Timeline
PublishedOct 17
Latest updateMay 24

Description

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5trend_micro/deep_security_agent10.0, 11.0, 12.0+2
NVDtrendmicro/deep_security10.0, 11.0, 12.0+2

🔴Vulnerability Details

2
GHSA
GHSA-pj45-vvfg-g23c: Versions 102022-05-24
CVEList
CVE-2019-15627: Versions 102019-10-17

💥Exploits & PoCs

1
Exploit-DB
Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite2019-12-06
CVE-2019-15627 — Link Following in Trend | cvebase