CVE-2024-32849

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 68.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Maximum Security (consumer)Trendmicro Maximum Security 2022 Trendmicro Maximum Security 2023

Timeline

PublishedJun 10

Latest updateJun 11

Description

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5trend_micro,_inc./trend_micro_maximum_security_(consumer)17 — 17.7

▶NVDtrendmicro/maximum_security_202217.0 — 17.7

▶NVDtrendmicro/maximum_security_202317.0 — 17.7

🔴Vulnerability Details

GHSA

GHSA-p595-g9xq-jgcw: Trend Micro Security 17↗2024-06-11

▶

CVEList

CVE-2024-32849: Trend Micro Security 17↗2024-06-10

▶