JVN#02921757
Multiple Trend Micro products vulnerable to denial-of-service (DoS)
Overview
Multiple Trend Micro products contain a denial-of-service (DoS) vulnerability.
Products Affected
- Premium Security 2019 for Windows version 15 and earlier
- Maximum Security 2019 for Windows version 15 and earlier
- Internet Security 2019 for Windows version 15 and earlier
- Antivirus+ Security 2019 for Windows version 15 and earlier
Description
Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability (CWE-400).
Impact
An attacker may disable Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
The developer states that the users who still use the obsolte versions that are no longer supported are recommended to upgrade to the latetst supported versions.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Trend Micro Incorporated | Vulnerable | 2020/02/14 | Trend Micro Incorporated website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2019-19694 |
JVN iPedia |
JVNDB-2020-000013 |
Update History
- 2020/03/06
- Information under the section [Products Affected] and [Solution] was modified.