Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-28575

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

Published

2020-12-01T19:15:11.947

Last Modified

2024-11-21T05:22:56.113

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	serverprotect	3.0	Yes

References

https://success.trendmicro.com/solution/000281950 Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-20-1378/ Third Party Advisory, VDB Entry ([email protected])
https://success.trendmicro.com/solution/000281950 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-20-1378/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)