CVE-2024-23940 — HIGH (7.8)

Q: How severe is CVE-2024-23940?

CVE-2024-23940 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-23940?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Air Support, Trendmicro Antivirus \+ Security, Trendmicro Internet Security, Trendmicro Maximum Security, Trendmicro Premium Security.

Vulnerability Description

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Trendmicro	Air Support	< 6.0.2103
Trendmicro	Antivirus \+ Security	< 6.0.2103
Trendmicro	Internet Security	< 6.0.2103
Trendmicro	Maximum Security	< 6.0.2103
Trendmicro	Premium Security	< 6.0.2103
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-427

References

https://helpcenter.trendmicro.com/en-us/article/tmka-12134Vendor Advisory
https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132Vendor Advisory
https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1ExploitTechnical DescriptionThird Party Advisory
https://helpcenter.trendmicro.com/en-us/article/tmka-12134Vendor Advisory
https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132Vendor Advisory
https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1ExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2024-23940?

CVE-2024-23940 is a vulnerability with a CVSS score of 7.8 (HIGH). Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited ...

How severe is CVE-2024-23940?

CVE-2024-23940 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-23940?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Air Support, Trendmicro Antivirus \+ Security, Trendmicro Internet Security, Trendmicro Maximum Security, Trendmicro Premium Security.