CVE-2021-32462

high

Description

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.

References

https://www.zerodayinitiative.com/advisories/ZDI-21-774/

https://helpcenter.trendmicro.com/en-us/article/TMKA-10388

Details

Source: Mitre, NVD

Published: 2021-07-08

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H