CVE-2020-15603 - OpenCVE

An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Trendmicro	Antivirus\+ 2020 Internet Security 2020 Maximum Security 2020 Premium Security 2020

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:trendmicro:antivirus\+_2020::::::::
	cpe:2.3:a:trendmicro:internet_security_2020::::::::
	cpe:2.3:a:trendmicro:maximum_security_2020::::::::
	cpe:2.3:a:trendmicro:premium_security_2020::::::::

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/TMKA-09645

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-07-15T19:15:16

Updated: 2024-08-04T13:22:30.145Z

Reserved: 2020-07-07T00:00:00

Link: CVE-2020-15603

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-15T20:15:13.507

Modified: 2020-07-22T15:50:06.330

Link: CVE-2020-15603

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Trend Micro Security (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2020 (v16)"}]}], "descriptions": [{"lang": "en", "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."}], "problemTypes": [{"descriptions": [{"description": "Invalid Memory Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-15T19:15:16", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-15603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Security (Consumer)", "version": {"version_data": [{"version_value": "2020 (v16)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Invalid Memory Read"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:30.145Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"}]}]}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-15603", "datePublished": "2020-07-15T19:15:16", "dateReserved": "2020-07-07T00:00:00", "dateUpdated": "2024-08-04T13:22:30.145Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A538915-6999-434B-8BA1-02C69E76FBD7", "versionEndIncluding": "16.0.1302", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6A0AB70-11A2-4E75-898A-80E06AD1D144", "versionEndIncluding": "16.0.1302", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB048F71-F22A-499D-A753-38D93E1C331E", "versionEndIncluding": "16.0.1302", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "311121E9-84CF-4A84-8E6A-B9EBFF4AF1CC", "versionEndIncluding": "16.0.1302", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."}, {"lang": "es", "value": "Una vulnerabilidad de lectura de memoria no v\u00e1lida en un controlador de la familia de consumidores de productos Trend Micro Secuity 2020 (versiones v16.0.0.1302 y posteriores), podr\u00eda permitir a un atacante manipular el controlador espec\u00edfico para realizar una operaci\u00f3n de llamada del sistema con una direcci\u00f3n no v\u00e1lida, resultando en un fallo del sistema"}], "id": "CVE-2020-15603", "lastModified": "2020-07-22T15:50:06.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-15T20:15:13.507", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}