CVE-2021-32460

CWE-732 — Incorrect Permission Assignment CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Maxmium Security (consumer)Trendmicro Maximum Security 2021

Timeline

PublishedJun 3

Latest updateMay 24

Description

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/maximum_security_202117.0

▶CVEListV5trend_micro/trend_micro_maxmium_security_(consumer)2021 (v17)

🔴Vulnerability Details

GHSA

GHSA-8256-vhcj-qq8m: The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could al↗2022-05-24

▶

CVEList

CVE-2021-32460: The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could al↗2021-06-03

▶