Trend Micro recently amended two high-risk vulnerabilities affecting some of its hybrid cloud security products. Data and evidence manipulation (PoC) were released by researchers who found errors.
Risks are tracked as CVE-2022-23119 and CVE-2022-23120, and affect Advanced Security and Cloud One load security solutions, especially the Linux agent component.
The threat was discovered by researchers at the Swiss-German cybersecurity modzero company, which released the advice and exploitation of the PoC on January 19, the same day Trend Micro announced the episodes.
Mungelo found that the Deep Security Agent for Linux was affected by a list of vulnerabilities that could allow an attacker to read unruly files, as well as a code injection that could be misused to maximize rights and use code as a root.