Lucene search

[email protected]CVE-2020-8607

HistoryAug 05, 2020 - 2:15 p.m.

CVE-2020-8607

2020-08-0514:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2020-8607

input validation

vulnerability

trend micro

rootkit protection

administrator permissions

kernel mode

code execution

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.0%

JSON

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.

CPENameOperatorVersion
trendmicro:antivirus_toolkittrendmicro antivirus toolkitlt1.62.1240
trendmicro:apex_onetrendmicro apex oneeq2019
trendmicro:apex_onetrendmicro apex oneeqsaas
trendmicro:deep_securitytrendmicro deep securityeq9.6
trendmicro:deep_securitytrendmicro deep securityeq10.0
trendmicro:deep_securitytrendmicro deep securityeq11.0
trendmicro:deep_securitytrendmicro deep securityeq12.0
trendmicro:officescantrendmicro officescaneqxg
trendmicro:officescan_business_securitytrendmicro officescan business securityeq9.0
trendmicro:officescan_business_securitytrendmicro officescan business securityeq9.5

CPE	Name	Operator	Version
trendmicro:antivirus_toolkit	trendmicro antivirus toolkit	lt	1.62.1240
trendmicro:apex_one	trendmicro apex one	eq	2019
trendmicro:apex_one	trendmicro apex one	eq	saas
trendmicro:deep_security	trendmicro deep security	eq	9.6
trendmicro:deep_security	trendmicro deep security	eq	10.0
trendmicro:deep_security	trendmicro deep security	eq	11.0
trendmicro:deep_security	trendmicro deep security	eq	12.0
trendmicro:officescan	trendmicro officescan	eq	xg
trendmicro:officescan_business_security	trendmicro officescan business security	eq	9.0
trendmicro:officescan_business_security	trendmicro officescan business security	eq	9.5

Rows per page:

1-10 of 221

References

jvn.jp/en/vu/JVNVU99160193/index.html

jvn.jp/vu/JVNVU99160193/

success.trendmicro.com/jp/solution/000260748

success.trendmicro.com/solution/000260713

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.0%

JSON

Related for CVE-2020-8607

cvelist1 prion1