CVE-2022-30703

Vulnerability

CVE-2022-30703 is an exposed dangerous method vulnerability in Trend Micro Security 2021 and 2022 consumer products. The flaw resides in the NCIE Scanner module, which exposes a dangerous function to unprivileged users [1]. Affected versions include Trend Micro Security 2022 (17.7.1383 and below) and Trend Micro Security 2021 (17.0.1394 and below) on Microsoft Windows [2].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system [1]. No user interaction beyond the initial code execution is required, as the vulnerable function is directly accessible to unprivileged users [1]. The attack has a local attack vector and requires low privileges [1][2].

Impact

A successful exploit allows the attacker to leak kernel addresses and disclose sensitive information [1][2]. This kernel address disclosure could be chained with other vulnerabilities to achieve privilege escalation or execute arbitrary code in the kernel context [1][2]. The CVSSv3 score is 6.5 (Medium), with high impact on confidentiality [2].

Mitigation

Trend Micro released fixes via ActiveUpdate. Affected users should update Trend Micro Security 2022 to version 17.7.1472 or above, and Trend Micro Security 2021 to version 17.0.1394 or above [2]. The update was released on May 20, 2022 [2]. There are no known workarounds, and no evidence of active exploitation was reported at the time of disclosure [2].