cnvd - cnvd-2022-03914

cnvd-2022-03914

Vulnerability from cnvd

Title

Trend Micro Antivirus for Mac访问控制错误漏洞

Description

Trend Micro Antivirus for Mac是美国趋势科技（Trend Micro）公司的一套基于Mac平台的杀毒软件。 Trend Micro Antivirus for Mac存在访问控制错误漏洞，该漏洞源于访问限制不当造成的。本地攻击者可以利用该漏洞运行特制的程序来绕过实施的安全限制并在系统上以提升的权限执行任意代码。

Severity

中

Patch Name

Trend Micro Antivirus for Mac访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpcenter.trendmicro.com/en-us/article/tmka-10832

Reference

https://www.zerodayinitiative.com/advisories/ZDI-21-1320/

Impacted products

Name
Trend Micro Antivirus for Mac <11.0.2163

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-43771",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-43771"
    }
  },
  "description": "Trend Micro Antivirus for Mac\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eMac\u5e73\u53f0\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\n\nTrend Micro Antivirus for Mac\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u9650\u5236\u4e0d\u5f53\u9020\u6210\u7684\u3002 \u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8fd0\u884c\u7279\u5236\u7684\u7a0b\u5e8f\u6765\u7ed5\u8fc7\u5b9e\u65bd\u7684\u5b89\u5168\u9650\u5236\u5e76\u5728\u7cfb\u7edf\u4e0a\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpcenter.trendmicro.com/en-us/article/tmka-10832",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-03914",
  "openTime": "2022-01-14",
  "patchDescription": "Trend Micro Antivirus for Mac\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eMac\u5e73\u53f0\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\nTrend Micro Antivirus for Mac\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbf\u95ee\u9650\u5236\u4e0d\u5f53\u9020\u6210\u7684\u3002 \u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u8fd0\u884c\u7279\u5236\u7684\u7a0b\u5e8f\u6765\u7ed5\u8fc7\u5b9e\u65bd\u7684\u5b89\u5168\u9650\u5236\u5e76\u5728\u7cfb\u7edf\u4e0a\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Antivirus for Mac\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trend Micro Antivirus for Mac \u003c11.0.2163"
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-21-1320/",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-21",
  "title": "Trend Micro Antivirus for Mac\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-43771 (GCVE-0-2021-43771)

Vulnerability from cvelistv5

Published

2021-11-30 11:18

Modified

2024-08-04 04:03

Severity ?

CWE

Improper Access Control Privilege Escalation

Summary

Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

References

URL

Tags

	https://helpcenter.trendmicro.com/en-us/article/TMKA-10832	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-21-1320/	x_refsource_MISC