PT-2020-14528 · Trend Micro · Trend Micro Security 2019

Satoshi Mimura

Published

2020-09-24

Updated

2021-07-21

CVE-2020-15604

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Security 2019 version 15

Description The issue is related to an incomplete SSL server certification validation, which could be exploited by an attacker in combination with another attack to trick the client into downloading a malicious update. This is due to the update files not being properly verified, as described by CWE-494.

Recommendations For Trend Micro Security 2019 version 15, ensure that update files are properly verified to prevent malicious updates. As a temporary workaround, consider restricting automatic updates until a fix is available.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295CWE-494

Related Identifiers

CVE-2020-15604

Affected Products

Trend Micro Security 2019

PT-2020-14528 · Trend Micro · Trend Micro Security 2019

CVE-2020-15604

Weakness Enumeration

Related Identifiers

Affected Products

References · 6