exploitDog

CVE-2022-30523

Опубликовано: 16 мая 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.

Ссылки

https://helpcenter.trendmicro.com/en-us/article/tmka-09071
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-759/
Third Party Advisory
VDB Entry
https://helpcenter.trendmicro.com/en-us/article/tmka-09071
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-759/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:password_manager:*:*:*:*:*:windows:*:*

Версия до 5.0.0.1270 (исключая)

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59

Связанные уязвимости

GHSA-rmw3-4v45-rj33

CVSS3: 7.8

github

больше 3 лет назад

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59