Vulnerability Monitor

CVE-2020-24560


An incomplete SSL server certificate validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.


Published

2020-09-24T02:15:12.407

Last Modified

2024-11-21T05:14:59.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-295

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | trendmicro | antivirus\+_2019 | ≤ 15.0 | Yes |
| Application | trendmicro | internet_security_2019 | ≤ 15.0 | Yes |
| Application | trendmicro | maximum_security_2019 | ≤ 15.0 | Yes |
| Application | trendmicro | officescan_cloud | 15 | Yes |
| Application | trendmicro | premium_security_2019 | ≤ 15.0 | Yes |
| Operating System | microsoft | windows | - | No |

References