CVE-2022-48191

7HIGH

Key Information

Vendor: Trend Micro
Status: Trend Micro Maxium Security (Consumer)
Vendor: CVE Published:; 20 January 2023

Summary

A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

Affected Version(s)

Trend Micro Maxium Security (Consumer) < 17.7

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 20, 2023
Vulnerability Reserved.
Dec 30, 2022

Collectors

NVD DatabaseMitre Database