Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-19697

3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.3%

top 47.36%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Security (consumer)Trendmicro Antivirus \+ Security 2019 Trendmicro Internet Security 2019 +2 more

Timeline

PublishedJan 18

Latest updateMay 24

Description

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages5 packages

▶NVDtrendmicro/maximum_security_201915.0

▶NVDtrendmicro/premium_security_201915.0

▶NVDtrendmicro/internet_security_201915.0

▶NVDtrendmicro/antivirus_\+_security_201915.0

▶CVEListV5trend_micro/trend_micro_security_(consumer)2019 (v15)

🔴Vulnerability Details

GHSA

GHSA-6q97-f52c-7p26: An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to g↗2022-05-24

▶

CVEList

CVE-2019-19697: An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to g↗2020-01-17

▶