CVE-2020-15604 Information

Description

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://helpcenter.trendmicro.com/en-us/article/TMKA-09890 https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673 https://jvn.jp/en/jp/JVN60093979/ https://jvn.jp/jp/JVN60093979/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5