CVE-2021-36742

CVSS 7.8 HIGH · EPSS 1.5% · KEV · CWE-20

In short

A flaw in how Trend Micro security software validates user input allows someone with basic access to a computer to gain administrator-level control. An attacker must already have the ability to run code on the system to exploit this.

Technical detail

The vulnerability exists in input validation routines within Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1, allowing privilege escalation from a low-privileged user context to system or administrator level. The attack vector is local, and exploitation requires that the attacker can already execute code on the target system. Impact includes complete system compromise through elevated privileges.

Summary generated and translated by AI from the official description.
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
