PT-2020-15735 · Trend Micro · Trend Micro Security 2019

Satoshi Mimura

Published

2020-09-24

Updated

2020-09-30

CVE-2020-24560

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Security 2019 version 15

Description The issue is related to an incomplete SSL server certification validation, which could be exploited by an attacker to trick an affected client into downloading a malicious update. This is due to improper server certificate verification in the communication with the update server.

Recommendations For Trend Micro Security 2019 version 15, ensure proper server certificate verification is in place to prevent malicious updates. As a temporary workaround, consider restricting communication with the update server until a patch is available.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2020-24560

Affected Products

Trend Micro Security 2019

PT-2020-15735 · Trend Micro · Trend Micro Security 2019

CVE-2020-24560

Weakness Enumeration

Related Identifiers

Affected Products

References · 6