Vulnerability CVE-2019-20357


Published: 2020-01-18   Modified: 2020-01-17

Description:
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

See advisories in our WLB2 database:
Topic
Author
Date
High
Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution
hyp3rlinx
17.01.2020

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx
https://seclists.org/bugtraq/2020/Jan/28

Copyright 2020, cxsecurity.com

 

Back to Top