Published:2020/02/14  Last Updated:2020/02/14

JVN#02921757
Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview

Multiple Trend Micro products contain a denial-of-service (DoS) vulnerability.

Products Affected

  • Premium Security 2019 for Windows version 15
  • Maximum Security 2019 for Windows version 15
  • Internet Security 2019 for Windows version 15
  • Antivirus+ Security 2019 for Windows version 15
According to the developer, Premium Security 2020 for Windows version 16, Maximum Security 2020 for Windows version 16, Internet Security 2020 for Windows version 16, and Antivirus+ Security 2020 for Windows version 16 are not affected by this vulnerability.

Description

Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability (CWE-400).

Impact

An attacker may disable Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Trend Micro Incorporated Vulnerable 2020/02/14 Trend Micro Incorporated website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score: 6.2
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:L/AC:L/Au:N/C:N/I:N/A:P
Base Score: 2.1
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2019-19694
JVN iPedia JVNDB-2020-000013