Published: 2020/02/14  Last Updated: 2020/03/06

JVN#02921757
Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview

Multiple Trend Micro products contain a denial-of-service (DoS) vulnerability.

Products Affected

  • Premium Security 2019 for Windows version 15 and earlier
  • Maximum Security 2019 for Windows version 15 and earlier
  • Internet Security 2019 for Windows version 15 and earlier
  • Antivirus+ Security 2019 for Windows version 15 and earlier
According to the developer, Premium Security 2020 for Windows version 16, Maximum Security 2020 for Windows version 16, Internet Security 2020 for Windows version 16, and Antivirus+ Security 2020 for Windows version 16 are not affected by this vulnerability.

Description

Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability (CWE-400).

Impact

An attacker may disable Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows.

Solution

Update the software
Update to the latest version according to the information provided by the developer.
The developer states that users who are still using obsolete versions that are no longer supported are recommended to upgrade to the latest supported versions.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Trend Micro Incorporated | Vulnerable | 2020/02/14 | Trend Micro Incorporated website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score: 6.2
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): None (N)
  • Integrity Impact (I): None (N)
  • Availability Impact (A): High (H)

CVSS v2: AV:L/AC:L/Au:N/C:N/I:N/A:P
Base Score: 2.1
  • Access Vector (AV): Local (L)
  • Access Complexity (AC): Low (L)
  • Authentication (Au): None (N)
  • Confidentiality Impact (C): None (N)
  • Integrity Impact (I): None (N)
  • Availability Impact (A): Partial (P)

Credit

BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2019-19694
JVN iPedia: JVNDB-2020-000013

Update History

2020/03/06
Information under the sections [Products Affected] and [Solution] was modified.