CVE-2022-40707

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

3.3LOW

EPSS

0.2%

top 60.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Deep Security Trendmicro Deep Security Agent

Timeline

PublishedSep 28

Latest updateSep 29

Description

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDtrendmicro/deep_security_agent20.0

▶CVEListV5trend_micro/trend_micro_deep_security20

🔴Vulnerability Details

GHSA

GHSA-6rgg-g947-g2f8: An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t↗2022-09-29

▶

CVEList

CVE-2022-40707: An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t↗2022-09-28

▶