Lucene search

[email protected]CVE-2019-20357

HistoryJan 18, 2020 - 12:15 a.m.

CVE-2019-20357

2020-01-1800:15:12

CWE-428

[email protected]

web.nvd.nist.gov

178

cve-2019-20357

persistent

arbitrary

code execution

trend micro

security

vulnerability

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

Affected configurations

NVD

Node

trendmicroantivirus_\+_security_2019Match15.0

trendmicroantivirus_\+_security_2020Match16.0

trendmicrointernet_security_2019Match15.0

trendmicrointernet_security_2020Match16.0

trendmicromaximum_security_2019Match15.0

trendmicromaximum_security_2020Match16.0

trendmicropremium_security_2019Match15.0

trendmicropremium_security_2020Match16.0

AND

microsoftwindowsMatch-

CPENameOperatorVersion
trendmicro:antivirus_\+_security_2019trendmicro antivirus + security 2019eq15.0
trendmicro:antivirus_\+_security_2020trendmicro antivirus + security 2020eq16.0
trendmicro:internet_security_2019trendmicro internet security 2019eq15.0
trendmicro:internet_security_2020trendmicro internet security 2020eq16.0
trendmicro:maximum_security_2019trendmicro maximum security 2019eq15.0
trendmicro:maximum_security_2020trendmicro maximum security 2020eq16.0
trendmicro:premium_security_2019trendmicro premium security 2019eq15.0
trendmicro:premium_security_2020trendmicro premium security 2020eq16.0

CPE	Name	Operator	Version
trendmicro:antivirus_\+_security_2019	trendmicro antivirus + security 2019	eq	15.0
trendmicro:antivirus_\+_security_2020	trendmicro antivirus + security 2020	eq	16.0
trendmicro:internet_security_2019	trendmicro internet security 2019	eq	15.0
trendmicro:internet_security_2020	trendmicro internet security 2020	eq	16.0
trendmicro:maximum_security_2019	trendmicro maximum security 2019	eq	15.0
trendmicro:maximum_security_2020	trendmicro maximum security 2020	eq	16.0
trendmicro:premium_security_2019	trendmicro premium security 2019	eq	15.0
trendmicro:premium_security_2020	trendmicro premium security 2020	eq	16.0

CNA Affected

[
  {
    "product": "Trend Micro Security (Consumer)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "2019 (v15) and 2020 (v16) "
      }
    ]
  }
]

References

hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt

esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx

seclists.org/bugtraq/2020/Jan/28

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2019-20357

prion1 cvelist1 nvd1 zdt1 exploitpack1 packetstorm1 exploitdb1