PT-2022-20157 · Trend Micro · Trend Micro Password Manager

Kharosx0

Published

2022-05-11

Updated

2022-05-25

CVE-2022-30523

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below

Description The issue allows a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM, which can then be used for privilege escalation on the affected machine.

Recommendations For Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below, update to a version above 5.0.0.1266 to resolve the issue. As a temporary workaround, consider restricting access to sensitive folders to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2022-30523

ZDI-22-759

Affected Products

Trend Micro Password Manager

PT-2022-20157 · Trend Micro · Trend Micro Password Manager

CVE-2022-30523

Weakness Enumeration

Related Identifiers

Affected Products

References · 5