Vulnerability Details : CVE-2021-32462
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.
Vulnerability category: Execute code
Products affected by CVE-2021-32462
- cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32462
1.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32462
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2021-32462
-
https://www.zerodayinitiative.com/advisories/ZDI-21-774/
ZDI-21-774 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://helpcenter.trendmicro.com/en-us/article/TMKA-10388
Security Bulletin: June 2021 Security Bulletin for Trend Micro Password Manager ยท Trend Micro for HomeVendor Advisory
Jump to