CVE-2020-25775

6.3MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Security (consumer)
Vendor: CVE Published:; 29 September 2020

Summary

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

Affected Version(s)

Trend Micro Security (Consumer) 2020 (v16)

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-09909

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-1227/

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2020
Vulnerability Reserved
Sep 18, 2020