CVE-2019-20358

7.8HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Anti-threat Toolkit (attk)
Vendor
CVE Published:
30 January 2020

Summary

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.

Affected Version(s)

Trend Micro Anti-Threat Toolkit (ATTK) Version 1.62.0.1218 and below

References

https://success.trendmicro.com/solution/000149878
x_refsource_MISC
https://seclists.org/bugtraq/2020/Jan/55
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Jan/50
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.