PT-2021-5426 · Trend Micro · Trend Micro Worry-Free Business Security

Izobashi

Published

2021-06-25

Updated

2021-12-06

CVE-2021-44021

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Worry-Free Business Security version 10.0 SP1

Description The issue is related to unnecessary privileges in Trend Micro Worry-Free Business Security, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability is associated with inadequate access control and could allow an attacker to elevate their privileges and execute arbitrary code.

Recommendations For Trend Micro Worry-Free Business Security version 10.0 SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

BDU:2021-06269

CVE-2021-44021

ZDI-21-1366

Affected Products

Trend Micro Worry-Free Business Security

PT-2021-5426 · Trend Micro · Trend Micro Worry-Free Business Security

CVE-2021-44021

Weakness Enumeration

Related Identifiers

Affected Products

References · 9