Improper Access Control Vulnerability in Trend Micro Maximum Security 2021
CVE-2021-32460

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Maxmium Security (consumer)
Vendor: CVE Published:; 3 June 2021

Summary

The Trend Micro Maximum Security 2021 product is susceptible to an improper access control vulnerability within its installer. This flaw can potentially allow a local attacker, who already possesses user privileges on the target machine, to escalate their permissions. Exploitation of this vulnerability can compromise the security of the affected system, emphasizing the need for users to maintain strict access controls and apply the latest security updates.

Affected Version(s)

Trend Micro Maxmium Security (Consumer) 2021 (v17)

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10336

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-603/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2021
Vulnerability Reserved
May 7, 2021