CVE-2021-25251

CWE-94 — Code Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.9%

top 24.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Security (consumer)Trendmicro Antivirus\+ Security 2020 Trendmicro Antivirus\+ Security 2021 +6 more

Timeline

PublishedFeb 10

Latest updateMay 24

Description

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages9 packages

▶NVDtrendmicro/maximum_security_202016.0

▶NVDtrendmicro/maximum_security_202117.0

▶NVDtrendmicro/premium_security_202016.0

▶NVDtrendmicro/premium_security_202117.0

▶NVDtrendmicro/internet_security_202016.0

🔴Vulnerability Details

GHSA

GHSA-3pw2-j2vj-ghmp: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to↗2022-05-24

▶

CVEList

CVE-2021-25251: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to↗2021-02-10

▶