CVE-2021-28648 — Improper Privilege Management in Antivirus

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 76.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Antivirus Trend Micro Antivirus FOR MAC

Timeline

PublishedApr 22

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/antivirus10.5 — 10.5.2088+1

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2021 (11), 2020 (10.5)

Patches

Patch: helpcenter.trendmicro.com ↗Patch: helpcenter.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-f6cv-7h5c-8g4r: Trend Micro Antivirus for Mac 2020 v10↗2022-05-24

▶

CVEList

CVE-2021-28648: Trend Micro Antivirus for Mac 2020 v10↗2021-04-22

▶