Vulnerabilities > CVE-2021-32460 - Incorrect Authorization vulnerability in Trendmicro Maximum Security 2021 17.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

trendmicro

CWE-863

NVD

Published: 2021-06-03

Updated: 2021-06-15

Summary

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Maximum Security 2021 17.0	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10336
https://www.zerodayinitiative.com/advisories/ZDI-21-603/