An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-17279 An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2024-08-04T15:19:07.405Z

Reserved: 2020-08-20T00:00:00

Link: CVE-2020-24560

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-24T02:15:12.407

Modified: 2024-11-21T05:14:59.570

Link: CVE-2020-24560

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.