CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32457
https://notcve.org/view.php?id=CVE-2021-32457
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. La versión 6.6.604 y anteriores de Trend Micro Home Network Security son vulnerables a una vulnerabilidad de desbordamiento del búfer basada en la pila de iotcl que podría permitir a un atacante emitir un iotcl especialmente diseñado para escalar privilegios en los dispositivos afectados. Un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el dispositivo de destino para poder explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10337 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1230 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32460 – Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32460
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. El producto de consumo Trend Micro Maximum Security 2021 (versión v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podría permitir a un atacante local escalar privilegios en un equipo objetivo. Tenga en cuenta que un atacante debe tener ya privilegios de usuario local y acceso en la máquina para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Maximum Security console. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10336 https://www.zerodayinitiative.com/advisories/ZDI-21-603 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2021-31520 – Trend Micro IM Security Weak Session Token Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31520
A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface. Una vulnerabilidad de omisión de autenticación de token de sesión débil en Trend Micro IM Security versiones 1.6 y 1.6.5, podría permitir a un atacante remoto adivinar el token de sesión de los administradores que han iniciado sesión actualmente para obtener acceso a la interfaz de administración web del producto This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro IM Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 16373 by default. The issue results from the use of guessable session tokens. An attacker can leverage this vulnerability to bypass authentication on the system. • https://success.trendmicro.com/solution/000286439 https://www.zerodayinitiative.com/advisories/ZDI-21-525 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31518
https://notcve.org/view.php?id=CVE-2021-31518
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31517. Trend Micro Home Network Security versiones 6.5.599 y anteriores, es susceptible a una vulnerabilidad de análisis de archivos que podría permitir a un atacante explotar la vulnerabilidad y causar una denegación de servicio en el dispositivo. Esta vulnerabilidad es similar, pero no idéntica a CVE-2021-31517 • https://helpcenter.trendmicro.com/en-us/article/TMKA-10312 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31517
https://notcve.org/view.php?id=CVE-2021-31517
Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the device. This vulnerability is similar, but not identical to CVE-2021-31518. Trend Micro Home Network Security versiones 6.5.599 y anteriores, es susceptible a una vulnerabilidad de análisis de archivos que podría permitir a un atacante explotar la vulnerabilidad y causar una denegación de servicio en el dispositivo. Esta vulnerabilidad es similar, pero no idéntica a CVE-2021-31518 • https://helpcenter.trendmicro.com/en-us/article/TMKA-10312 •