CVE-2021-28648
Last modified
CVE-2021-28648 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Antivirus | >= 10.5, < 10.5.2088 |
| Trendmicro | Antivirus | >= 11.0, < 11.0.2062 |
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-10293Patch, Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-420/Third Party Advisory, VDB Entry
- https://helpcenter.trendmicro.com/en-us/article/TMKA-10293Patch, Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-420/Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-28648?
How severe is CVE-2021-28648?
How do I fix CVE-2021-28648?
Are you affected by CVE-2021-28648?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST