exploitDog

CVE-2020-28575

Опубликовано: 01 дек. 2020

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

Ссылки

https://success.trendmicro.com/solution/000281950
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1378/
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/000281950
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1378/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:serverprotect:3.0:*:*:*:*:linux:*:*

EPSS

Процентиль: 39%

0.00173

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-64qr-mfgf-96mm

github

больше 3 лет назад

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

EPSS

Процентиль: 39%

0.00173

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787