CVE-2020-27014

Опубликовано: 30 окт. 2020

Источник: nvd

CVSS3: 6.4

CVSS2: 6.9

EPSS Низкий

Описание

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Ссылки

https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
Third Party Advisory
VDB Entry
https://helpcenter.trendmicro.com/en-us/article/TMKA-09974
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

6.4 Medium

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-367

Связанные уязвимости

GHSA-33p7-c5wh-6q6g

github

больше 3 лет назад

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.