CVE-2024-55955

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-55955
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://success.trendmicro.com/en-US/solution/KA-0018571 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

09 Sep 2025, 14:45

Type Values Removed Values Added
References () https://success.trendmicro.com/en-US/solution/KA-0018571 - () https://success.trendmicro.com/en-US/solution/KA-0018571 - Vendor Advisory
Summary
  • (es) Una vulnerabilidad de asignación incorrecta de permisos en los agentes de Trend Micro Deep Security 20.0 entre las versiones 20.0.1-9400 y 20.0.1-23340 podría permitir que un atacante local aumente los privilegios en las instalaciones afectadas. Tenga en cuenta que, para explotar esta vulnerabilidad, un atacante primero debe obtener la capacidad de ejecutar código con pocos privilegios en el sistema de destino.
CPE cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update21510:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update19250:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update12510:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update14610:*:*:long_term_support:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update9400:*:*:long_term_support:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:deep_security_agent:20.0.1:update17380:*:*:long_term_support:*:*:*
CWE CWE-732
First Time Microsoft
Microsoft windows
Trendmicro
Trendmicro deep Security Agent

31 Dec 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-31 17:15

Updated : 2025-09-09 14:45

NVD link : CVE-2024-55955

Mitre link : CVE-2024-55955

CVE.ORG link : CVE-2024-55955

JSON object : View

Products Affected

trendmicro

  • deep_security_agent

microsoft

  • windows
CWE
CWE-427

Uncontrolled Search Path Element

CWE-732

Incorrect Permission Assignment for Critical Resource