CVE-2020-8607

EPSS 0.08%
Published 05.08.2020 14:15:13
Last modified 21.11.2024 05:39:07
Source security@trendmicro.com
Teams watchlist Login
Open Login

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Antivirus Toolkit Version < 1.62.1240

Microsoft ≫ Windows Version-

Trendmicro ≫ Apex One Version2019

Microsoft ≫ Windows Version-

Trendmicro ≫ Apex One Versionsaas

Microsoft ≫ Windows Version-

Trendmicro ≫ Deep Security Version9.6

Microsoft ≫ Windows Version-

Trendmicro ≫ Deep Security Version10.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Deep Security Version11.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Deep Security Version12.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Versionxg Updatesp1

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Business Security Version9.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Business Security Version9.5

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Business Security Version10.0 Updatesp1

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Business Security Service Version-

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Cloud Version15

Microsoft ≫ Windows Version-

Trendmicro ≫ Officescan Cloud Version16.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Online Scan Version8.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Portable Security Version2.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Portable Security Version3.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Rootkit Buster Version2.2

Microsoft ≫ Windows Version-

Trendmicro ≫ Safe Lock Version- SwEditiontxone

Microsoft ≫ Windows Version-

Trendmicro ≫ Safe Lock Version2.0 Updatesp1 SwEdition-

Microsoft ≫ Windows Version-

Trendmicro ≫ Serverprotect Version5.8 SwPlatformemc

Microsoft ≫ Windows Version-

Trendmicro ≫ Serverprotect Version5.8 SwPlatformnetware

Microsoft ≫ Windows Version-

Trendmicro ≫ Serverprotect Version5.8 SwPlatformwindows

Microsoft ≫ Windows Version-

Trendmicro ≫ Serverprotect Version6.0 SwPlatformstorage

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.211

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://jvn.jp/en/vu/JVNVU99160193/index.html

Third Party Advisory

https://jvn.jp/vu/JVNVU99160193/

Third Party Advisory

https://success.trendmicro.com/jp/solution/000260748

Vendor Advisory

https://success.trendmicro.com/solution/000260713

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8607

EUVD