CVE-2022-30703
Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation.
Trend Micro Security versiones 2021 y 2022 (Consumer) es susceptible a una vulnerabilidad de método peligroso expuesto que podría permitir a un atacante obtener acceso a direcciones del kernel filtradas y revelar información confidencial. Esta vulnerabilidad también podría ser potencialmente encadenada para una escalada de privilegios
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the NCIE Scanner module. The module exposes a dangerous function to unprivileged users. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-13 CVE Reserved
- 2022-05-27 CVE Published
- 2024-03-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-22-801 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/en-us/article/tmka-11021 | 2022-06-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Security Search vendor "Trendmicro" for product "Security" | 2021 Search vendor "Trendmicro" for product "Security" and version "2021" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Security Search vendor "Trendmicro" for product "Security" | 2022 Search vendor "Trendmicro" for product "Security" and version "2022" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|