CVE-2021-36744
High
Published: 06 September 2021
Published
06 September 2021
Modified
21 November 2024
KEV Added
—
Patch
—
CVSS Score v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0023
45.7th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2021-36744 is a high-severity Link Following (CWE-59) vulnerability in Trendmicro Maximum Security 2021. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 45.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-23334
Vulnerability details
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
trendmicro
maximum security 2019
15.0
trendmicro
maximum security 2020
16.0
trendmicro
maximum security 2021
17.0, 17.2
trendmicro
security for best buy
2021
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.