Rewterz Threat Alert – New Ransomware Identified – White Rabbit – Active IOCs
January 21, 2022Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability
January 23, 2022Rewterz Threat Alert – New Ransomware Identified – White Rabbit – Active IOCs
January 21, 2022Rewterz Threat Advisory – CVE-2022-21704 – log4js-node module for Node.js Vulnerability
January 23, 2022Severity
High
Analysis Summary
CVE-2022-23120
Trend Micro Deep Security and Cloud One could allow a local authenticated attacker to gain elevated privileges on the system, caused by a code injection vulnerability. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-23119
Trend Micro Deep Security and Cloud One could allow a local authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the script containing “dot dot” sequences to view arbitrary files on the system.
Impact
- Privilege Escalation
- Unauthorized Access
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Deep Security Agent 20
Remediation
Refer to Trend Micro Advisory for patch, upgrade, or suggested workaround information.