[Japanese]

JVNDB-2020-009590

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Overview

Trend Micro Security 2020 (Consumer) provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


Trend Micro, Inc.
  • Antivirus + Security 2020 for Windows v16 and earlier
  • Internet Security 2020 for Windows v16 and earlier
  • Trend Micro Maximum Security 2020 for Windows v16 and earlier
  • Trend Micro Premium Security 2020 for Windows v16 and earlier

Impact

An attacker who can access the product may delete arbitrary files and/or folders.
Solution

[Apply the patch]
Apply the appropriate patch according to the information provided by the developer.
The patch that addresses this vulnerability is available and it is automatically applied through the product's automatic ActiveUpdate feature.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Race Condition(CWE-362) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2020-25775
References

  1. JVN : JVNVU#96249940
  2. National Vulnerability Database (NVD) : CVE-2020-25775
Revision History

  • [2020/11/19]
      Web page was published