Lucene search

[email protected]CVE-2019-20358

HistoryJan 30, 2020 - 9:15 p.m.

CVE-2019-20358

2020-01-3021:15:14

CWE-426

CWE-427

CWE-732

[email protected]

web.nvd.nist.gov

cve-2019-20358

trend micro

attk

vulnerability

remote code execution

rce

nvd

security advisory

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.6%

JSON

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.

Affected configurations

NVD

Node

trendmicroanti-threat_toolkitRange≤1.62.0.1218

AND

microsoftwindowsMatch-

CPENameOperatorVersion
trendmicro:anti-threat_toolkittrendmicro anti-threat toolkitle1.62.0.1218

CPE	Name	Operator	Version
trendmicro:anti-threat_toolkit	trendmicro anti-threat toolkit	le	1.62.0.1218

CNA Affected

[
  {
    "product": "Trend Micro Anti-Threat Toolkit (ATTK)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "Version 1.62.0.1218 and below"
      }
    ]
  }
]