CVE-2024-41183

Published: Oct 22, 2024Modified: Jul 31, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security@trendmicro.com (Secondary)

Description

Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.

Affected (1)

Products: Trendmicro: Vpn

Trendmicro

1 product

Vpn

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Vpn	Before 5.8.1030

Related CWEs

CWE-73

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (3)

https://helpcenter.trendmicro.com/en-us/article/tmka-14460

Source: security@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-1022/

Source: security@trendmicro.com

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-1023/

Source: security@trendmicro.com

Third Party Advisory

Timeline

No history available yet.