PT-2021-5390 · Trend Micro · Trend Micro Worry-Free Business Security

Izobashi

Published

2021-06-25

Updated

2021-12-06

CVE-2021-44020

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Worry-Free Business Security version 10.0 SP1

Description The issue is related to insufficient access control in the Security Server of Trend Micro Worry-Free Business Security, which can be exploited to escalate privileges and execute arbitrary code. A local attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue.

Recommendations For Trend Micro Worry-Free Business Security version 10.0 SP1, update to a version that includes a fix for the privilege escalation issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

BDU:2021-06229

CVE-2021-44020

ZDI-21-1365

Affected Products

Trend Micro Worry-Free Business Security

PT-2021-5390 · Trend Micro · Trend Micro Worry-Free Business Security

CVE-2021-44020

Weakness Enumeration

Related Identifiers

Affected Products

References · 12