Trend Micro Security 17.x PrivEsc: Local Attacker Deleting Privileged Files
CVE-2024-32849 Published on June 10, 2024
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Vulnerability Analysis
CVE-2024-32849 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2024-32849
stack.watch emails you whenever new vulnerabilities are published in TrendMicro Maximum Security 2022 or TrendMicro Maximum Security 2023. Just hit a watch button to start following.
Affected Versions
Trend Micro, Inc. Trend Micro Maximum Security (Consumer):- Version 17 and below 17.7 is affected.
- Version 17.0 and below 17.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.