Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24556

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Published

2020-09-01T19:15:11.807

Last Modified

2024-11-21T05:14:59.090

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-59
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application trendmicro apex_one 2019 Yes
Application trendmicro apex_one saas Yes
Operating System microsoft windows - No
Application trendmicro worry-free_business_security 10.0 Yes
Application trendmicro worry-free_business_security_services - Yes
Operating System apple macos - No
Operating System microsoft windows - No
References