Lucene search

TrendmicroCVE-2019-14685

HistoryAug 21, 2019 - 8:15 p.m.

CVE-2019-14685

2019-08-2120:15:12

CWE-428

trendmicro

web.nvd.nist.gov

cve-2019-14685

local privilege escalation

trend micro security 2019

nvd

vulnerability

exploit

attacker

product feature

malicious service

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.

Affected configurations

Nvd

Node

trendmicroantivirus_\+_security_2019Match15.0

trendmicrointernet_security_2019Match15.0

trendmicromaximum_security_2019Match15.0

trendmicropremium_security_2019Match15.0

AND

microsoftwindowsMatch-

VendorProductVersionCPE
trendmicroantivirus_\+_security_201915.0cpe:2.3:a:trendmicro:antivirus_\+_security_2019:15.0:*:*:*:*:*:*:*
trendmicrointernet_security_201915.0cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*
trendmicromaximum_security_201915.0cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*
trendmicropremium_security_201915.0cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	antivirus_\+_security_2019	15.0	cpe:2.3:a:trendmicro:antivirus_\+_security_2019:15.0:::::::*
trendmicro	internet_security_2019	15.0	cpe:2.3:a:trendmicro:internet_security_2019:15.0:::::::*
trendmicro	maximum_security_2019	15.0	cpe:2.3:a:trendmicro:maximum_security_2019:15.0:::::::*
trendmicro	premium_security_2019	15.0	cpe:2.3:a:trendmicro:premium_security_2019:15.0:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

CNA Affected

[
  {
    "product": "Trend Micro Security (Consumer)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "2019 (15.0)"
      }
    ]
  }
]

References

packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html

seclists.org/fulldisclosure/2019/Aug/26

esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx

medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2019-14685