CVE-2022-48191

2023-01-2007:15:12

CWE-367

[email protected]

web.nvd.nist.gov

cve-2022-48191

vulnerability

trend micro

maximum security

privilege escalation

arbitrary code execution

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

16.3%

JSON

A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

trendmicromaximum_security_2022Match17.7

CPENameOperatorVersion
trendmicro:maximum_security_2022trendmicro maximum security 2022eq17.7

CPE	Name	Operator	Version
trendmicro:maximum_security_2022	trendmicro maximum security 2022	eq	17.7

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Maxium Security (Consumer)",
    "versions": [
      {
        "version": "2022 (17.7)",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "17.7"
      }
    ]
  }
]