Privilege Escalation Vulnerability in Trend Micro Maximum Security 2022
CVE-2022-48191

7HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Maxium Security (Consumer)
Vendor: CVE Published:; 20 January 2023

Summary

A vulnerability in Trend Micro Maximum Security 2022 (17.7) allows low-privileged users to write a malicious executable to a designated location. During the removal and restoration process, an attacker could exploit this flaw to replace an original folder with a mount point leading to an arbitrary location, thereby escalating their privileges on the affected system. This presents a significant risk, as it can compromise the integrity of the system and provide unauthorized access to sensitive information.

Affected Version(s)

Trend Micro Maxium Security (Consumer) 2022 (17.7) < 17.7

References

https://helpcenter.trendmicro.com/en-us/article/tmka-11252

https://www.zerodayinitiative.com/advisories/ZDI-23-053/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Dec 30, 2022