CVE-2022-38764

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro HouseCall versions 1.62.1.1133 and below

Description The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer. This could potentially enable a remote attacker to elevate their privileges.

Recommendations For Trend Micro HouseCall versions 1.62.1.1133 and below, consider restricting access to the overly permissive folder in the product installer as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-266

Related Identifiers

BDU:2022-05548

CVE-2022-38764

ZDI-22-1178

Affected Products

Trend Micro Housecall

CVE-2022-38764

Weakness Enumeration

Related Identifiers

Affected Products

References · 8