CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36744 – Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-36744
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. Trend Micro Security (Consumer) versiones 2021 y 2020, son vulnerables a una vulnerabilidad de salto de directorios que podría permitir a un atacante explotar el sistema para escalar privilegios y crear una denegación de servicio. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Maximum Security Agent. By creating a directory junction, an attacker can abuse the service to delete a file. • https://helpcenter.trendmicro.com/en-us/article/tmka-10568 https://www.zerodayinitiative.com/advisories/ZDI-21-1052 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32460 – Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32460
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. El producto de consumo Trend Micro Maximum Security 2021 (versión v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podría permitir a un atacante local escalar privilegios en un equipo objetivo. Tenga en cuenta que un atacante debe tener ya privilegios de usuario local y acceso en la máquina para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Maximum Security console. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 https://www.zerodayinitiative.com/advisories/ZDI-21-603 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2021-25251
https://notcve.org/view.php?id=CVE-2021-25251
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyección de código que podría permitir a un atacante desactivar la protección con contraseña del programa y desactivar la protección. Un atacante ya debe tener privilegios de administrador en la máquina para explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27697
https://notcve.org/view.php?id=CVE-2020-27697
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar una DLL maliciosa en una ubicación no protegida con altos privilegios (ataque de tipo symlink) que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •