cvelistv5 - cve-2021-32460

CVE-2021-32460 (GCVE-0-2021-32460)

Vulnerability from cvelistv5

Published

2021-06-03 10:32

Modified

2024-08-03 23:17

Severity ?

CWE

Improper Access Control

Summary

References

URL

	Vendor	Product	Version
	Trend Micro	Trend Micro Maxmium Security (Consumer)	Version: 2021 (v17)

ghsa-8256-vhcj-qq8m

Vulnerability from github

Published

2022-05-24 19:03

Modified

2022-06-29 00:00

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-32460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-03T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.",
  "id": "GHSA-8256-vhcj-qq8m",
  "modified": "2022-06-29T00:00:52Z",
  "published": "2022-05-24T19:03:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32460"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2021-32460

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-32460

Aliases

CVE-2021-32460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-32460",
    "description": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.",
    "id": "GSD-2021-32460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-32460"
      ],
      "details": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.",
      "id": "GSD-2021-32460",
      "modified": "2023-12-13T01:23:09.281610Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2021-32460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Maxmium Security (Consumer)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2021 (v17)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336",
            "refsource": "MISC",
            "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2021:17.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2021-32460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-15T16:33Z",
      "publishedDate": "2021-06-03T15:15Z"
    }
  }
}

cve-2021-32460

Vulnerability from jvndb

Published

2021-12-09 13:43

Modified

2021-12-09 13:43

Summary

Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)

Details

Trend Micro Incorporated has released security updates for Trend Micro Security 2021 family (Consumer). Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU98117192/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32460
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43772
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-32460
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-43772

Impacted products

Vendor

Product

Trend Micro, Inc.

Trend Micro Internet Security

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-005174.html",
  "dc:date": "2021-12-09T13:43+09:00",
  "dcterms:issued": "2021-12-09T13:43+09:00",
  "dcterms:modified": "2021-12-09T13:43+09:00",
  "description": "Trend Micro Incorporated has released security updates for Trend Micro Security 2021 family (Consumer).\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-005174.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:virus_baster_cloud",
    "@product": "Trend Micro Internet Security",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2021-005174",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU98117192/index.html",
      "@id": "JVNVU#98117192",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32460",
      "@id": "CVE-2021-32460",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43772",
      "@id": "CVE-2021-43772",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-32460",
      "@id": "CVE-2021-32460",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-43772",
      "@id": "CVE-2021-43772",
      "@source": "NVD"
    }
  ],
  "title": "Multiple vulnerabilities in Trend Micro Security 2021 family (Consumer)"
}

cnvd-2021-84278

Vulnerability from cnvd

Title

Trend Micro Maximum Security不正确访问控制漏洞

Description

Trend Micro Maximum Security是美国趋势科技（Trend Micro）公司的一套计算机安全防护软件。该软件包括病毒查杀、恶意软件防护和身份验证保护等功能。 Trend Micro Maximum Security存在安全漏洞，该漏洞源于应用程序设置的文件和文件夹的最大安全控制台中不正确的默认权限。攻击者可利用漏洞查看或修改文件和目录的内容。

Severity

高

Patch Name

Trend Micro Maximum Security不正确访问控制漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpcenter.trendmicro.com/en-us/article/TMKA-10336

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-32460

Impacted products

Name
Trend Micro Maximum Security 2021 v17

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32460"
    }
  },
  "description": "Trend Micro Maximum Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u8ba1\u7b97\u673a\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u75c5\u6bd2\u67e5\u6740\u3001\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u548c\u8eab\u4efd\u9a8c\u8bc1\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\n\nTrend Micro Maximum Security\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u8bbe\u7f6e\u7684\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u7684\u6700\u5927\u5b89\u5168\u63a7\u5236\u53f0\u4e2d\u4e0d\u6b63\u786e\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u67e5\u770b\u6216\u4fee\u6539\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u5185\u5bb9\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpcenter.trendmicro.com/en-us/article/TMKA-10336",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84278",
  "openTime": "2021-11-05",
  "patchDescription": "Trend Micro Maximum Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u8ba1\u7b97\u673a\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u75c5\u6bd2\u67e5\u6740\u3001\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u548c\u8eab\u4efd\u9a8c\u8bc1\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nTrend Micro Maximum Security\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u8bbe\u7f6e\u7684\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u7684\u6700\u5927\u5b89\u5168\u63a7\u5236\u53f0\u4e2d\u4e0d\u6b63\u786e\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u67e5\u770b\u6216\u4fee\u6539\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Maximum Security\u4e0d\u6b63\u786e\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Trend Micro Maximum Security 2021 v17"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-32460",
  "serverity": "\u9ad8",
  "submitTime": "2021-06-04",
  "title": "Trend Micro Maximum Security\u4e0d\u6b63\u786e\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

cnvd-2021-39046

Vulnerability from cnvd

Title

Trend Micro Maximum Security权限提升漏洞（CNVD-2021-39046）

Description

Trend Micro Maximum Security是美国趋势科技（Trend Micro）公司的一套计算机安全防护软件。该软件包括病毒查杀、恶意软件防护和身份验证保护等功能。 Maximum Security存在安全漏洞，该漏洞源于应用程序设置的文件和文件夹的最大安全控制台中不正确的默认权限。具有系统访问权限的本地用户可以查看或修改文件和目录的内容。该漏洞允许本地用户升级对系统的特权。

Severity

中

Patch Name

Trend Micro Maximum Security权限提升漏洞（CNVD-2021-39046）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://helpcenter.trendmicro.com/en-us/article/TMKA-10336

Reference

https://www.cybersecurity-help.cz/vdb/SB2021052108

Impacted products

Name
['Trend Micro Maximum Security 2019 (v15)', 'Trend Micro Maximum Security 2020 (v16)', 'Trend Micro Maximum Security 2021 (v17)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32460"
    }
  },
  "description": "Trend Micro Maximum Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u8ba1\u7b97\u673a\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u75c5\u6bd2\u67e5\u6740\u3001\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u548c\u8eab\u4efd\u9a8c\u8bc1\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\n\nMaximum Security\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u8bbe\u7f6e\u7684\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u7684\u6700\u5927\u5b89\u5168\u63a7\u5236\u53f0\u4e2d\u4e0d\u6b63\u786e\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u5177\u6709\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u7684\u672c\u5730\u7528\u6237\u53ef\u4ee5\u67e5\u770b\u6216\u4fee\u6539\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u5185\u5bb9\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672c\u5730\u7528\u6237\u5347\u7ea7\u5bf9\u7cfb\u7edf\u7684\u7279\u6743\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpcenter.trendmicro.com/en-us/article/TMKA-10336",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-39046",
  "openTime": "2021-06-03",
  "patchDescription": "Trend Micro Maximum Security\u662f\u7f8e\u56fd\u8d8b\u52bf\u79d1\u6280\uff08Trend Micro\uff09\u516c\u53f8\u7684\u4e00\u5957\u8ba1\u7b97\u673a\u5b89\u5168\u9632\u62a4\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5305\u62ec\u75c5\u6bd2\u67e5\u6740\u3001\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u548c\u8eab\u4efd\u9a8c\u8bc1\u4fdd\u62a4\u7b49\u529f\u80fd\u3002\r\n\r\nMaximum Security\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u8bbe\u7f6e\u7684\u6587\u4ef6\u548c\u6587\u4ef6\u5939\u7684\u6700\u5927\u5b89\u5168\u63a7\u5236\u53f0\u4e2d\u4e0d\u6b63\u786e\u7684\u9ed8\u8ba4\u6743\u9650\u3002\u5177\u6709\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u7684\u672c\u5730\u7528\u6237\u53ef\u4ee5\u67e5\u770b\u6216\u4fee\u6539\u6587\u4ef6\u548c\u76ee\u5f55\u7684\u5185\u5bb9\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672c\u5730\u7528\u6237\u5347\u7ea7\u5bf9\u7cfb\u7edf\u7684\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Trend Micro Maximum Security\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2021-39046\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Trend Micro Maximum Security 2019 (v15)",
      "Trend Micro Maximum Security 2020 (v16)",
      "Trend Micro Maximum Security 2021 (v17)"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021052108",
  "serverity": "\u4e2d",
  "submitTime": "2021-05-25",
  "title": "Trend Micro Maximum Security\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2021-39046\uff09"
}

fkie_cve-2021-32460

Vulnerability from fkie_nvd

Published

2021-06-03 15:15

Modified

2024-11-21 06:07

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/TMKA-10336	Vendor Advisory
security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-21-603/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://helpcenter.trendmicro.com/en-us/article/TMKA-10336	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-603/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	trendmicro	maximum_security_2021	17.0
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "769EDF57-123C-4FE7-93F3-8B773F5D17C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability."
    },
    {
      "lang": "es",
      "value": "El producto de consumo Trend Micro Maximum Security 2021 (versi\u00f3n v17) es suceptible a una vulnerabilidad de control de acceso inapropiado en el instalador que podr\u00eda permitir a un atacante local escalar privilegios en un equipo objetivo. Tenga en cuenta que un atacante debe tener ya privilegios de usuario local y acceso en la m\u00e1quina para explotar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-32460",
  "lastModified": "2024-11-21T06:07:04.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-03T15:15:07.867",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
    },
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-603/"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202106-1670

Vulnerability from variot

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Maximum Security console. The product sets incorrect permissions on a sensitive file. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1670",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "maximum security 2021",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "17.0"
      },
      {
        "model": "maximum security",
        "scope": null,
        "trust": 0.7,
        "vendor": "trend micro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abdelhamid Naceri (halov)",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2021-32460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-32460",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32460",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-32460",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-32460",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-32460",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1350",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Maximum Security console. The product sets incorrect permissions on a sensitive file. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32460"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32460",
        "trust": 2.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-603",
        "trust": 2.4
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12346",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052108",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32460",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "id": "VAR-202106-1670",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.09586056
  },
  "last_update_date": "2024-08-14T12:31:01.927000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Trend Micro has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10336"
      },
      {
        "title": "Maximum Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152812"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10336"
      },
      {
        "trust": 2.3,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-603/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052108"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32460"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-21T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-05-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "date": "2021-06-03T15:15:07.867000",
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-21T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-603"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      },
      {
        "date": "2022-06-28T14:11:45.273000",
        "db": "NVD",
        "id": "CVE-2021-32460"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro Maximum Security Improper Access Control Privilege Escalation Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-603"
      }
    ],
    "trust": 0.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1350"
      }
    ],
    "trust": 1.2
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-32460 (GCVE-0-2021-32460)

Vulnerability from cvelistv5

ghsa-8256-vhcj-qq8m

Vulnerability from github

gsd-2021-32460

Vulnerability from gsd

cve-2021-32460

Vulnerability from jvndb

cnvd-2021-84278

Vulnerability from cnvd

cnvd-2021-39046

Vulnerability from cnvd

fkie_cve-2021-32460

Vulnerability from fkie_nvd

var-202106-1670

Vulnerability from variot

Tags

Sightings

Nomenclature