CVE-2022-30687
Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
Trend Micro Maximum Security 2022 es vulnerable a la siguiente vulnerabilidad que podría permitir a un usuario local con pocos privilegios manipular la función de borrado seguro del producto para eliminar archivos arbitrarios
This vulnerability allows local attackers to delete arbitrary files on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the implementation of the Secure Erase feature. The issue results from the lack of proper validation of a user-supplied link prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-12 CVE Reserved
- 2022-05-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-22-789 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/en-us/article/tmka-11017 | 2022-06-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Maximum Security 2022 Search vendor "Trendmicro" for product "Maximum Security 2022" | 17.7 Search vendor "Trendmicro" for product "Maximum Security 2022" and version "17.7" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|