CVE-2019-20357

Опубликовано: 18 янв. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

Ссылки

http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
Exploit
Third Party Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx
Vendor Advisory
https://seclists.org/bugtraq/2020/Jan/28
Exploit
Issue Tracking
Mailing List
Third Party Advisory
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
Exploit
Third Party Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx
Vendor Advisory
https://seclists.org/bugtraq/2020/Jan/28
Exploit
Issue Tracking
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:antivirus_\+_security_2019:15.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:antivirus_\+_security_2020:16.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:internet_security_2020:16.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:maximum_security_2020:16.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:premium_security_2020:16.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00183

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-428

Связанные уязвимости

GHSA-q2hv-qv75-g6vg