PT-2020-16592 · Trend Micro · Trend Micro Antivirus For Mac

Cees Elzinga

Published

2020-10-14

Updated

2020-10-26

CVE-2020-27013

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Antivirus for Mac 2020 (Consumer)

Description The issue occurs due to improper access control in the product's webserver API, allowing an attacker to read and write sensitive product and user data. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Antivirus for Mac 2020 (Consumer), consider restricting access to the webserver API until a patch is available. As a temporary workaround, limit the ability to execute low-privileged code on the target system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-27013

ZDI-20-1243

Affected Products

Trend Micro Antivirus For Mac

PT-2020-16592 · Trend Micro · Trend Micro Antivirus For Mac

CVE-2020-27013

Related Identifiers

Affected Products

References · 4