To exploit this issue, an attacker must be able to log in to the system as a low-privileged user. System specifics, such as the version of the Trend Micro product installed, could prevent an attacker from logging in. In addition, the user must have access to an out-of-bounds read vulnerability in the Trend Micro product. An attacker can exploit this issue by sending a specially crafted request to the affected system. An exploit may attempt this by sending a request to an application that performs out-of-bounds reads, such as the Trend Micro product.

A patch for this issue has been released. The fix for this issue is included in the following Trend Micro products:

Trend Micro™ Smart Protection Network™

Trend Micro™ Smart Protection Network™ (TMSPN) customers are protected against this vulnerability.

Trend Micro™ Smart Protection Network (SPN) Console

The following Trend Micro™ products have released a patch for the issue:
* Trend Micro™ Smart Protection Network (SPN) Console

If you are an administrator of any of these systems, you should apply the patch to your system. The fix is also available in the latest release versions of Trend Micro™ Security for Email Scanner and Trend Micro™ Security for Microsoft Exchange Server.

Trend Micro™ Smart Protection Network™ (SPN)

SPN is a virtual appliance that provides protection for your network, detecting and blocking threats in real time. SPN also monitors for new vulnerabilities, automatically updating the system with the latest protection.

Trend Micro Smart Protection Network (SPN)

The Trend Micro Smart Protection Network (SPN) is a network-level security service that monitors and protects your employees and customers against threats, including viruses, spyware, bots and phishing. The SPN helps protect you from known vulnerabilities, such as this one. If a system with Trend Micro installed is vulnerable to the CVE-2022-40709 issue, it will get classified as an Impact Zone.

The SPN monitors machines on your network and classifies them based on risk level. If a high-risk classification occurs, the user will be notified of the risk via email or an in-product notification. In order to help mitigate potential risks associated with this vulnerability, Trend Micro recommends disabling automatic updates for affected products.

Timeline

Published on: 09/28/2022 21:15:00 UTC
Last modified on: 09/29/2022 15:05:00 UTC
