← Back

CVE-2020-8607

nvd nist
Published: Aug 5, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.

Affected (24)

Trendmicro
12 products
Antivirus Toolkit
Apex One
Deep Security
Officescan
Officescan Business Security
Officescan Business Security Service
Officescan Cloud
Online Scan
Portable Security
Rootkit Buster
Safe Lock
Serverprotect
Configuration A
24 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Antivirus Toolkit
Before 1.62.1240
Trendmicro
Apex One
Version 2019
Apex One
Version saas
Trendmicro
Deep Security
Version 10.0
Deep Security
Version 11.0
Deep Security
Version 12.0
Deep Security
Version 9.6
Officescan
Version xg sp1
Trendmicro
Officescan Business Security
Version 10.0 sp1
Officescan Business Security
Version 9.0
Officescan Business Security
Version 9.5
Officescan Business Security Service
All versions
Trendmicro
Officescan Cloud
Version 15
Officescan Cloud
Version 16.0
Online Scan
Version 8.0
Trendmicro
Portable Security
Version 2.0
Portable Security
Version 3.0
Rootkit Buster
Version 2.2
Trendmicro
Safe Lock
All versions
Safe Lock
Version 2.0 sp1
Trendmicro
Serverprotect
Version 5.8
Serverprotect
Version 5.8
Serverprotect
Version 5.8
Serverprotect
Version 6.0
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: security@trendmicro.com
Third Party Advisory
Source: security@trendmicro.com
Third Party Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.