CVE-2022-40707 : An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud On

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.

Published 2022-09-28 21:15:15

Updated 2024-02-27 20:39:46

Source Trend Micro, Inc.

View at NVD, CVE.org

Products affected by CVE-2022-40707

Trendmicro » Deep Security Agent » Version: 20.0 Update Update2921 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2921:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update182 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update182:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update1876 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1876:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update223 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update223:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3445 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3445:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update213 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update213:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update183 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update183:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update190 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update190:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update4726 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4726:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update1559 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1559:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3288 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3288:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update167 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update167:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3771 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3771:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update173 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update173:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update224 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update224:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update4185 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4185:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update180 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update180:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update2204 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2204:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update2009 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2009:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update2419 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2419:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update4959 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4959:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3964 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3964:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update5137 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update5137:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update1337 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1337:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update2593 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2593:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update208 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update208:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update877 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update877:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update158 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update158:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update198 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update198:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3530 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3530:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update4416 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update4416:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update2740 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update2740:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update3165 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update3165:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update1822 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1822:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Update Update1681 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:update1681:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Trendmicro » Deep Security Agent » Version: 20.0 Long Term Support Edition
cpe:2.3:a:trendmicro:deep_security_agent:20.0:-:*:*:long_term_support:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-40707

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-40707

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-40707

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-40707

https://www.zerodayinitiative.com/advisories/ZDI-22-1297/

ZDI-22-1297 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://success.trendmicro.com/solution/000291590

Case Solution
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-40707

Products affected by CVE-2022-40707

Exploit prediction scoring system (EPSS) score for CVE-2022-40707

CVSS scores for CVE-2022-40707

CWE ids for CVE-2022-40707

References for CVE-2022-40707