Lucene search

[email protected]CVE-2020-27697

HistoryNov 18, 2020 - 7:15 p.m.

CVE-2020-27697

2020-11-1819:15:11

CWE-59

[email protected]

web.nvd.nist.gov

trend micro

security 2020

consumer

vulnerability

installer package

dll

symlink attack

administrative privileges

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

trendmicroantivirus\+_security_2020Range≤16.0

trendmicrointernet_security_2020Range≤16.0

trendmicromaximum_security_2020Range≤16.0

trendmicropremium_security_2020Range≤16.0

CPENameOperatorVersion
trendmicro:antivirus\+_security_2020trendmicro antivirus+ security 2020le16.0
trendmicro:internet_security_2020trendmicro internet security 2020le16.0
trendmicro:maximum_security_2020trendmicro maximum security 2020le16.0
trendmicro:premium_security_2020trendmicro premium security 2020le16.0

CPE	Name	Operator	Version
trendmicro:antivirus\+_security_2020	trendmicro antivirus+ security 2020	le	16.0
trendmicro:internet_security_2020	trendmicro internet security 2020	le	16.0
trendmicro:maximum_security_2020	trendmicro maximum security 2020	le	16.0
trendmicro:premium_security_2020	trendmicro premium security 2020	le	16.0

CNA Affected

[
  {
    "product": "Trend Micro Security (Consumer)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "2020 (v16)"
      }
    ]
  }
]

References

helpcenter.trendmicro.com/en-us/article/TMKA-10036

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVE-2020-27697

prion1 nvd1 cvelist1