CVE-2022-30703 - OpenCVE

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Security
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:security:2021:::::::*
	cpe:2.3:a:trendmicro:security:2022:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/tmka-11021	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-801/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2022-06-09T20:15:23

Updated: 2022-06-09T20:15:23

Reserved: 2022-05-13T00:00:00

Link: CVE-2022-30703

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-09T21:15:07.800

Modified: 2022-06-16T17:59:04.477

Link: CVE-2022-30703

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Trend Micro Security (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2022 (17.7.1383 and below)"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "Exposed Dangerous Method Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-09T20:15:23", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2022-30703", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Security (Consumer)", "version": {"version_data": [{"version_value": "2022 (17.7.1383 and below)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Exposed Dangerous Method Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2022-30703", "datePublished": "2022-06-09T20:15:23", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2022-06-09T20:15:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:security:2021:*:*:*:*:*:*:*", "matchCriteriaId": "01401FAD-BCDA-49BF-BB70-50B0D9F2F554", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:security:2022:*:*:*:*:*:*:*", "matchCriteriaId": "39FD5380-3D7F-41B1-9CF2-B0D8367C1628", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}, {"lang": "es", "value": "Trend Micro Security versiones 2021 y 2022 (Consumer) es susceptible a una vulnerabilidad de m\u00e9todo peligroso expuesto que podr\u00eda permitir a un atacante obtener acceso a direcciones del kernel filtradas y revelar informaci\u00f3n confidencial. Esta vulnerabilidad tambi\u00e9n podr\u00eda ser potencialmente encadenada para una escalada de privilegios"}], "id": "CVE-2022-30703", "lastModified": "2022-06-16T17:59:04.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-09T21:15:07.800", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}