ID

VAR-202112-1054


CVE

CVE-2021-44023


TITLE

plural  Trend Micro Security 2021  Link interpretation vulnerability in family products

Trust: 0.8

sources: JVNDB: JVNDB-2021-016532

DESCRIPTION

A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. plural Trend Micro Security 2021 Family products contain a link interpretation vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Platinum Host Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system

Trust: 2.25

sources: NVD: CVE-2021-44023 // JVNDB: JVNDB-2021-016532 // ZDI: ZDI-21-1536

AFFECTED PRODUCTS

vendor:trendmicromodel:maximum security 2021scope:lteversion:17.0

Trust: 1.0

vendor:trendmicromodel:internet security 2021scope:lteversion:17.0

Trust: 1.0

vendor:trendmicromodel:premium security 2021scope:lteversion:17.0

Trust: 1.0

vendor:trendmicromodel:antivirus\+ security 2021scope:lteversion:17.0

Trust: 1.0

vendor:トレンドマイクロmodel:premium security 2021scope: - version: -

Trust: 0.8

vendor:トレンドマイクロmodel:antivirus + security 2021scope: - version: -

Trust: 0.8

vendor:トレンドマイクロmodel:maximum security 2021scope: - version: -

Trust: 0.8

vendor:トレンドマイクロmodel:internet security 2021scope: - version: -

Trust: 0.8

vendor:trend micromodel:maximum securityscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-1536 // JVNDB: JVNDB-2021-016532 // NVD: CVE-2021-44023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44023
value: HIGH

Trust: 1.0

NVD: CVE-2021-44023
value: HIGH

Trust: 0.8

ZDI: CVE-2021-44023
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202112-785
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-44023
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-44023
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-44023
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-44023
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-1536 // JVNDB: JVNDB-2021-016532 // CNNVD: CNNVD-202112-785 // NVD: CVE-2021-44023

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.0

problemtype:Link interpretation problem (CWE-59) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016532 // NVD: CVE-2021-44023

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-785

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202112-785

PATCH

title:Security Bulletinurl:https://helpcenter.trendmicro.com/en-us/article/tmka-10867

Trust: 1.5

title:Trend Micro Security Post-link vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175385

Trust: 0.6

sources: ZDI: ZDI-21-1536 // JVNDB: JVNDB-2021-016532 // CNNVD: CNNVD-202112-785

EXTERNAL IDS

db:NVDid:CVE-2021-44023

Trust: 3.9

db:ZDIid:ZDI-21-1536

Trust: 3.1

db:JVNDBid:JVNDB-2021-016532

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-14587

Trust: 0.7

db:CS-HELPid:SB2021121001

Trust: 0.6

db:CNNVDid:CNNVD-202112-785

Trust: 0.6

sources: ZDI: ZDI-21-1536 // JVNDB: JVNDB-2021-016532 // CNNVD: CNNVD-202112-785 // NVD: CVE-2021-44023

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-1536/

Trust: 3.0

url:https://helpcenter.trendmicro.com/en-us/article/tmka-10867

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-44023

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021121001

Trust: 0.6

sources: ZDI: ZDI-21-1536 // JVNDB: JVNDB-2021-016532 // CNNVD: CNNVD-202112-785 // NVD: CVE-2021-44023

CREDITS

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-21-1536

SOURCES

db:ZDIid:ZDI-21-1536
db:JVNDBid:JVNDB-2021-016532
db:CNNVDid:CNNVD-202112-785
db:NVDid:CVE-2021-44023

LAST UPDATE DATE

2024-08-14T14:50:02.807000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-1536date:2021-12-14T00:00:00
db:JVNDBid:JVNDB-2021-016532date:2022-12-16T08:31:00
db:CNNVDid:CNNVD-202112-785date:2021-12-22T00:00:00
db:NVDid:CVE-2021-44023date:2021-12-20T13:40:21.957

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-1536date:2021-12-14T00:00:00
db:JVNDBid:JVNDB-2021-016532date:2022-12-16T00:00:00
db:CNNVDid:CNNVD-202112-785date:2021-12-10T00:00:00
db:NVDid:CVE-2021-44023date:2021-12-16T03:15:10.073