CVE Vulnerability

CVE-2022-26319

An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.6 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://success.trendmicro.com/solution/000290531 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:trendmicro:portable_security:*:*:*:*:pro:*:*:*
cpe:2.3:a:trendmicro:portable_security:*:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:portable_security:*:*:*:*:*:*:*:*
Information

Published : 2022-03-08 10:15

Updated : 2022-03-19 11:55

NVD link : CVE-2022-26319

Mitre link : CVE-2022-26319

Products Affected
No products.
CWE
CWE-427