PT-2021-19712 · Trend Micro · Trend Micro Maximum Security

Abdelhamid Naceri

Published

2021-05-21

Updated

2021-06-15

CVE-2021-32460

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Trend Micro Maximum Security version 17

Description: The issue is related to an improper access control vulnerability in the installer, which could allow a local attacker to escalate privileges on a target machine. The attacker must already have local user privileges and access on the machine to exploit this issue.

Recommendations: For version 17, update to a newer version that addresses the improper access control vulnerability in the installer to prevent privilege escalation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2021-32460

ZDI-21-603

Affected Products

Trend Micro Maximum Security

PT-2021-19712 · Trend Micro · Trend Micro Maximum Security

CVE-2021-32460

Weakness Enumeration

Related Identifiers

Affected Products

References · 4