CVE-2020-8607

Published Aug 5, 2020

Last updated 4 years ago

CVSS medium 6.7

Overview

Description: An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Source: security@trendmicro.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:trendmicro:antivirus_toolkit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5225790C-66F3-438C-82A9-0567EA2D3EAE",
            "versionEndExcluding": "1.62.1240"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF019D2D-C426-4D2D-A254-442CE777B41E"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:apex_one:saas:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BD39638-1D52-4FA8-BBA0-305795D7D2E0"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_security:9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A741097B-4B1F-4541-8E81-ABAAB16F4CCF"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_security:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CC7B6BD-BAF1-4E0D-9BFB-6A9BE7D3AC40"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_security:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81D6DD3F-6DA9-4D25-A0AB-8A2670A6FE91"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:deep_security:12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BDD405A-E3EA-48F8-AC3D-E45A666920C5"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64600B42-4884-41F2-A683-AE1EDB79372E"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_business_security:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B20A7619-A7A7-4048-BF27-5B2613DCF914"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_business_security:9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14329F60-1C5D-4A4C-BBCA-BD42FFB4FB73"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "762313F8-2BA6-4ED7-A977-56C962D5B27F"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_business_security_service:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E3FC1CA-FFB4-4838-9BCE-BB5CAC28505F"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D4FDFB7-9F82-47F2-B265-916BFCE0A0EA"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:officescan_cloud:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C23A004A-B597-402D-BFA8-9EB11580B13F"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:online_scan:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388766C0-6983-453A-A1C2-8266127337C3"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:portable_security:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D33BDD31-422F-4DB0-B2DC-789611260C35"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:portable_security:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "079E3712-9365-44F8-804B-2ADBD89C1D5D"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:rootkit_buster:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AA0F265-BD68-41F7-99DD-8832EE7E295B"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:safe_lock:-:*:*:*:txone:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8549A2AA-5BDE-4B27-9861-9426769FAB0E"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:safe_lock:2.0:sp1:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B28CE37-C436-4440-B43F-905482D91AD9"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:emc:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BD9FEA3-46A4-4CEF-97B5-27BC2120B082"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:netware:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82D38D59-9208-4101-89D8-367E53DA29D5"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7293D7E6-196E-4C9F-B107-77FB2E770A1E"
          },
          {
            "criteria": "cpe:2.3:a:trendmicro:serverprotect:6.0:*:*:*:*:storage:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46FD65C7-6DED-47CA-988D-089E95D2F7B5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References