7.8

CVE-2020-25773

EPSS 0.53%
Veröffentlicht 29.09.2020 00:15:13
Zuletzt bearbeitet 21.11.2024 05:18:43
Quelle security@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Apex One Version2019

Microsoft ≫ Windows Version-

Trendmicro ≫ Apex One Versionsaas

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://success.trendmicro.com/solution/000271974

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1224/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-25773

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25773

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25773

EUVD