CVE-2021-36744

CWE-59 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 54.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Security (consumer)Trendmicro Maximum Security 2019 Trendmicro Maximum Security 2020 +2 more

Timeline

PublishedSep 6

Latest updateMay 24

Description

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDtrendmicro/maximum_security_202016.0

▶NVDtrendmicro/maximum_security_202117.0, 17.2+1

▶CVEListV5trend_micro/trend_micro_security_(consumer)2019, 2020, 2021

▶NVDtrendmicro/security2021

▶NVDtrendmicro/maximum_security_201915.0

Patches

Patch: helpcenter.trendmicro.com ↗Patch: helpcenter.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-569p-vmxp-hg5x: Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system↗2022-05-24

▶

CVEList

CVE-2021-36744: Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system↗2021-09-06

▶