CVE-2024-36473

EPSS 0.08%
Published 10.06.2024 22:15:11
Last modified 30.07.2025 18:40:36
Source security@trendmicro.com
Teams watchlist Login
Open Login

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Vpn Proxy One Editionpro Version < 5.8.1025

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.248

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
security@trendmicro.com	5.3	1	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://helpcenter.trendmicro.com/en-us/article/tmka-07247

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-585/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-36473

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36473

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36473

EUVD