JVNVU#96249940
Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion
Overview
Trend Micro Security 2020 (Consumer) provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability.
Products Affected
- Premium Security 2020 for Windows v16 and earlier
- Maximum Security 2020 for Windows v16 and earlier
- Internet Security 2020 for Windows v16 and earlier
- Antivirus+ 2020 for Windows v16 and earlier
Description
Trend Micro Security 2020 (Consumer) provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
Impact
An attacker who can access the product may delete arbitrary files and/or folders.
Solution
Apply the patch
Apply the appropriate patch according to the information provided by the developer.
The patch that addresses this vulnerability is available and it is automatically applied through the product’s automatic ActiveUpdate feature.
Vendor Status
Vendor | Link |
Trend Micro Incorporated | Trend Micro Security 2020 (Consumer) Security Race Condition Arbitrary File Deletion Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2020-25775 |
JVN iPedia |
|