CVE-2021-32462

3 documents3 sources

Severity

8.8HIGH

EPSS

17.4%

top 4.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Password Manager Trend Micro Trend Micro Password Manager

Timeline

PublishedJul 8

Latest updateMay 24

Description

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/password_manager5.0.0.1217

▶CVEListV5trend_micro/trend_micro_password_manager5.0.0.1217 and below

🔴Vulnerability Details

GHSA

GHSA-8v9f-vv9v-mqqv: Trend Micro Password Manager (Consumer) version 5↗2022-05-24

▶

CVEList

CVE-2021-32462: Trend Micro Password Manager (Consumer) version 5↗2021-07-08

▶