Vulnerability CVE-2020-25773
Published: 2020-09-29

Description:
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

Type:

CWE-415

 (Double Free)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://success.trendmicro.com/solution/000271974
https://www.zerodayinitiative.com/advisories/ZDI-20-1224/
Copyright 2024, cxsecurity.com

 

Back to Top