CVE-2022-37347 A vulnerability in 2020 and 2021 Trend Micro Security could allow an attacker to read sensitive information from other memory locations and crash the affected machine.

Out-Of-Bounds Read Information Disclosure Vulnerability allows an attacker to read critical data from another memory location which could lead to a crash and critical information leak. A successful exploit could result in sensitive information being leaked to the attacker such as usernames, passwords, or other personal information. This vulnerability affects Trend Micro products with Trend Micro Linux Signing Authority Software installed. Trend Micro products with Trend Micro Linux Signing Authority Software installed are vulnerable to an Insecure Deserialization Insecure Deserialization Vulnerability that could result in an attacker using specially crafted data to execute malicious code on an affected machine. This vulnerability is similar to, but not the same as CVE-2021-35228. Insecure Deserialization Vulnerability allows an attacker to deserialize data to execute malicious code on an affected machine. A successful exploit could result in remote code execution, information leak, or cause a Denial of Service on an affected Trend Micro product with Trend Micro Linux Signing Authority Software installed. This vulnerability affects Trend Micro products with Trend Micro Linux Signing Authority Software installed

TrendMicro.com Security Update for Trend Micro Products with Trend Micro Linux Signing Authority Sof ware

Trend Micro is aware of a vulnerability in Trend Micro products with Trend Micro Linux Signing Authority Software installed that could be exploited by an attacker to perform unauthorized actions on the affected system.
The vulnerability (CVE-2022-37347) exists due to the absence of input validation when processing specially crafted data. A successful exploit could result in sensitive information being leaked, such as usernames, passwords, or other personal information, which could lead to a wide range of fraudulent activities or disclosure of confidential information.

Solution

Trend Micro is working with customers who may have been impacted by these vulnerabilities. Customers can contact Trend Micro Technical Assistance Center (TAC) via the following methods.

1. Phone: 1-800-837-4747
2. Email: support@trendmicro.com
3. Chat: https://chat.trendmicro.com/secure/ContactSupport
4. Contact form: http://www.trendmicro.com/contactus/index?cust_id=0&phone=4086800400

Overview of Vulnerabilities

Trend Micro products with Trend Micro Linux Signing Authority Software installed are vulnerable to two security vulnerabilities. Out-of-Bounds Read Information Disclosure vulnerability allows an attacker to read critical data from another memory location which could lead to a crash and critical information leak, while Insecure Deserialization vulnerability allows an attacker to deserialize data to execute malicious code on an affected machine. These vulnerabilities affect Trend Micro products with Trend Micro Linux Signing Authority Software installed.

Solution and Workaround

Trend Micro recommends updating the Trend Micro Security Platform to the latest version.

There are many ways that digital marketing can be used to help your company grow, but one of the most effective is focusing on its audience. By understanding who you're targeting and what their needs are, you can tailor your marketing efforts to them and increase your chances of reaching a successful conversion.

Timeline

Published on: 09/19/2022 18:15:00 UTC
Last modified on: 09/22/2022 15:00:00 UTC

References

• https://www.zerodayinitiative.com/advisories/ZDI-22-1176/
• https://helpcenter.trendmicro.com/en-us/article/tmka-11058
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37347