CVE-2024-36473 - Vulnerability Details - OpenCVE

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Trendmicro	Vpn Proxy One

Configuration 1 [-]

cpe:2.3:a:trendmicro:vpn_proxy_one:*:*:pro:*:*:*:*:*

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-07247
https://www.zerodayinitiative.com/advisories/ZDI-24-585/

History

Wed, 30 Jul 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendmicro Trendmicro vpn Proxy One
CPEs		cpe:2.3:a:trendmicro:vpn_proxy_one:::pro:::::*
Vendors & Products		Trendmicro Trendmicro vpn Proxy One

Sat, 29 Mar 2025 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-73

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2024-06-10T21:22:16.960Z

Updated: 2025-03-28T23:46:05.938Z

Reserved: 2024-05-28T23:48:18.242Z

Link: CVE-2024-36473

Vulnrichment

Updated: 2024-08-02T03:37:05.369Z

NVD

Status : Analyzed

Published: 2024-06-10T22:15:11.997

Modified: 2025-07-30T18:40:36.057

Link: CVE-2024-36473

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36473", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "state": "PUBLISHED", "assignerShortName": "trendmicro", "dateReserved": "2024-05-28T23:48:18.242Z", "datePublished": "2024-06-10T21:22:16.960Z", "dateUpdated": "2025-03-28T23:46:05.938Z"}, "containers": {"cna": {"affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro VPN Proxy One Pro", "versions": [{"version": "5.8", "status": "affected", "versionType": "semver", "lessThan": "5.8.1012"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-06-10T21:22:16.960Z"}, "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T19:04:01.120640Z", "id": "CVE-2024-36473", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T23:46:05.938Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.369Z"}, "title": "CVE Program Container", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:05.369Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36473", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T19:04:01.120640Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T19:04:11.805Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Trend Micro, Inc.", "product": "Trend Micro VPN Proxy One Pro", "versions": [{"status": "affected", "version": "5.8", "lessThan": "5.8.1012", "versionType": "semver"}]}], "references": [{"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}], "providerMetadata": {"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro", "dateUpdated": "2024-06-10T21:22:16.960Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36473", "state": "PUBLISHED", "dateUpdated": "2025-03-28T23:46:05.938Z", "dateReserved": "2024-05-28T23:48:18.242Z", "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "datePublished": "2024-06-10T21:22:16.960Z", "assignerShortName": "trendmicro"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:vpn_proxy_one:*:*:pro:*:*:*:*:*", "matchCriteriaId": "71346F60-0453-48B5-AD2B-EBCCB4B758AA", "versionEndExcluding": "5.8.1025", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges."}, {"lang": "es", "value": "Trend Micro VPN Proxy One Pro, versi\u00f3n 5.8.1012 y anteriores es vulnerable a un ataque de creaci\u00f3n o sobrescritura de archivos arbitrario, pero est\u00e1 limitado a la denegaci\u00f3n de servicio (DoS) local y, en condiciones espec\u00edficas, puede provocar una elevaci\u00f3n de privilegios."}], "id": "CVE-2024-36473", "lastModified": "2025-07-30T18:40:36.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "security@trendmicro.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-10T22:15:11.997", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-07247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-585/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}