CVE-2022-48191

CWE-3673 documents3 sources
Severity
7.0HIGH
EPSS
0.1%
top 78.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro, Inc. Trend Micro Maxium Security (consumer)Trendmicro Maximum Security 2022
Timeline
PublishedJan 20

Description

A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

Patches

Patch: helpcenter.trendmicro.comPatch: www.zerodayinitiative.comPatch: helpcenter.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-hwpw-gw93-83r7: A vulnerability exists in Trend Micro Maximum Security 2022 (172023-01-20
CVEList
CVE-2022-48191: A vulnerability exists in Trend Micro Maximum Security 2022 (172023-01-18
CVE-2022-48191 (HIGH CVSS 7) | A vulnerability exists in Trend Mic | cvebase.io