CVE-2020-25777 - Vulnerability Details - OpenCVE

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00258.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendmicro	Antivirus

Configuration 1 [-]

OR	cpe:2.3:a:trendmicro:antivirus:2019:::::macos::
	cpe:2.3:a:trendmicro:antivirus:2020:::::macos::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-18427	Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/TMKA-09947
https://www.zerodayinitiative.com/advisories/ZDI-20-1242/

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-10-14T15:10:22

Updated: 2024-08-04T15:40:36.936Z

Reserved: 2020-09-18T00:00:00

Link: CVE-2020-25777

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-14T15:15:16.993

Modified: 2024-11-21T05:18:44.430

Link: CVE-2020-25777

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Trend Micro Antivirus for Mac (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2020 (v10.x) and 2019 (v9.x)"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."}], "problemTypes": [{"descriptions": [{"description": "Protection Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-14T15:10:22", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-25777", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Antivirus for Mac (Consumer)", "version": {"version_data": [{"version_value": "2020 (v10.x) and 2019 (v9.x)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Protection Bypass"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.936Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"}]}]}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-25777", "datePublished": "2020-10-14T15:10:22", "dateReserved": "2020-09-18T00:00:00", "dateUpdated": "2024-08-04T15:40:36.936Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus:2019:*:*:*:*:macos:*:*", "matchCriteriaId": "DF445523-96C6-4B40-97C2-6377920805CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*", "matchCriteriaId": "A0D2AB9D-ECFC-4BA9-B440-6DC43AE46D7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."}, {"lang": "es", "value": "Trend Micro Antivirus para Mac versi\u00f3n 2020 (Consumer), es vulnerable a un ataque de petici\u00f3n de extensi\u00f3n de kernel espec\u00edfico donde un atacante podr\u00eda omitir la funcionalidad Web Threat Protection del producto. Es requerida una interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso"}], "id": "CVE-2020-25777", "lastModified": "2024-11-21T05:18:44.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-14T15:15:16.993", "references": [{"source": "security@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}