CVE-2022-30703 - Vulnerability Details - OpenCVE

ReportizFlow

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Trendmicro	Security

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:security:2021:::::::*
	cpe:2.3:a:trendmicro:security:2022:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-11021
https://www.zerodayinitiative.com/advisories/ZDI-22-801/

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2022-06-09T20:15:23

Updated: 2024-08-03T06:56:13.820Z

Reserved: 2022-05-13T00:00:00

Link: CVE-2022-30703

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-06-09T21:15:07.800

Modified: 2024-11-21T07:03:12.157

Link: CVE-2022-30703

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Trend Micro Security (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2022 (17.7.1383 and below)"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "Exposed Dangerous Method Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-09T20:15:23", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-30703", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Security (Consumer)", "version": {"version_data": [{"version_value": "2022 (17.7.1383 and below)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Exposed Dangerous Method Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:13.820Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}]}]}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2022-30703", "datePublished": "2022-06-09T20:15:23", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2024-08-03T06:56:13.820Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:security:2021:*:*:*:*:*:*:*", "matchCriteriaId": "01401FAD-BCDA-49BF-BB70-50B0D9F2F554", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:security:2022:*:*:*:*:*:*:*", "matchCriteriaId": "39FD5380-3D7F-41B1-9CF2-B0D8367C1628", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation."}, {"lang": "es", "value": "Trend Micro Security versiones 2021 y 2022 (Consumer) es susceptible a una vulnerabilidad de m\u00e9todo peligroso expuesto que podr\u00eda permitir a un atacante obtener acceso a direcciones del kernel filtradas y revelar informaci\u00f3n confidencial. Esta vulnerabilidad tambi\u00e9n podr\u00eda ser potencialmente encadenada para una escalada de privilegios"}], "id": "CVE-2022-30703", "lastModified": "2024-11-21T07:03:12.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-06-09T21:15:07.800", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-801/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}