CVE-2020-25775

Опубликовано: 29 сент. 2020

Источник: nvd

CVSS3: 6.3

CVSS2: 6.3

EPSS Низкий

Описание

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

Ссылки

https://helpcenter.trendmicro.com/en-us/article/TMKA-09909
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1227/
Third Party Advisory
VDB Entry
https://helpcenter.trendmicro.com/en-us/article/TMKA-09909
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1227/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:antivirus\+_2020:*:*:*:*:*:*:*:*

Версия до 16.0 (включая)

cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*

Версия до 16.0 (включая)

cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*

Версия до 16.0 (включая)

cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*

Версия до 16.0 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00062

Низкий

6.3 Medium

CVSS3

6.3 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-hg9j-r439-gp76

github

больше 3 лет назад

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.

EPSS

Процентиль: 19%

0.00062

Низкий

6.3 Medium

CVSS3

6.3 Medium

CVSS2

Дефекты

CWE-362