[Japanese]
|
JVNDB-2024-001785
|
Incorrect permission assignment vulnerability in Trend Micro uiAirSupport
|
Trend Micro Incorporated has released a security update for Trend Micro uiAirSupport.
Proof-of-concept code (PoC) for this vulnerability is available on the Internet.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [NVD Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
Trend Micro, Inc.
- Antivirus + Security uiAirSupport Version 6.0.2092 and earlier
- Internet Security uiAirSupport Version 6.0.2092 and earlier
- Trend Micro Maximum Security uiAirSupport Version 6.0.2092 and earlier
- Trend Micro Premium Security uiAirSupport Version 6.0.2092 and earlier
|
|
The users with standard user accounts may perform privilege escalation and execute arbitrary programs.
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
|
Trend Micro, Inc.
|
- Uncontrolled Search Path Element(CWE-427) [NVD Evaluation]
|
- CVE-2024-23940
|
- JVN : JVNVU#99844997
- National Vulnerability Database (NVD) : CVE-2024-23940
- Related document : AV - When a Friend Becomes an Enemy - (CVE-2024-23940)
|
- [2024/02/06]
Web page was published
- [2024/03/11]
CVSS Severity was modified
CWE was modified
References : Content was added
|