Versio.io

CVE-2020-24556

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 01-09-2020 09:15
Last modified: - 28-04-2022 08:28
Total changes: - 4

Description

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Local
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
7.8
Base score
1.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=trendmicro AND product=apex_one AND version=2019
vendor=trendmicro AND product=apex_one AND version=saas
OR
vendor=microsoft AND product=windows AND version=-
AND
OR
vendor=trendmicro AND product=worry-free_business_security AND version=10.0 AND update=sp1
vendor=trendmicro AND product=worry-free_business_security_services AND version=-
OR
vendor=apple AND product=macos AND version=-
vendor=microsoft AND product=windows AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-24556

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.