CVE-2021-28648
Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
Trend Micro Antivirus para Mac 2020 versiones v10.5 y 2021 v11 (Consumidor) es susceptible a una vulnerabilidad de escalada de privilegios de control de acceso inapropiado que podría permitir a un atacante establecer una conexión que podría conllevar a una escalada de privilegios local completa dentro de la aplicación. Tome en cuenta que un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within com.trendmicro.AFM.HelperTool. The issue results from improper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-16 CVE Reserved
- 2021-04-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-420 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/en-us/article/TMKA-10293 | 2022-06-28 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Antivirus Search vendor "Trendmicro" for product "Antivirus" | >= 10.5 < 10.5.2088 Search vendor "Trendmicro" for product "Antivirus" and version " >= 10.5 < 10.5.2088" | macos |
Affected
| ||||||
Trendmicro Search vendor "Trendmicro" | Antivirus Search vendor "Trendmicro" for product "Antivirus" | >= 11.0 < 11.0.2062 Search vendor "Trendmicro" for product "Antivirus" and version " >= 11.0 < 11.0.2062" | macos |
Affected
|