CVE-2023-32525

Published: Jun 26, 2023Modified: Dec 5, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526.

Affected (1)

Products: Trendmicro: Mobile Security

1 product

Mobile Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Mobile Security	Version 9.8 sp5

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US

Source: security@trendmicro.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-589/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://success.trendmicro.com/dcx/s/solution/000293106?language=en_US

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-589/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.