Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15604

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.

Published

2020-09-24T02:15:12.313

Last Modified

2024-11-21T05:05:50.677

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295
CWE-494

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	antivirus\+_2019	≤ 15.0	Yes
Application	trendmicro	internet_security_2019	≤ 15.0	Yes
Application	trendmicro	maximum_security_2019	≤ 15.0	Yes
Application	trendmicro	officescan_cloud	15	Yes
Application	trendmicro	premium_security_2019	≤ 15.0	Yes
Operating System	microsoft	windows	-	No

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 Vendor Advisory ([email protected])
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673 Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN60093979/ Third Party Advisory ([email protected])
https://jvn.jp/jp/JVN60093979/ Third Party Advisory ([email protected])
https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN60093979/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/jp/JVN60093979/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)