CVE-2019-9491
published 2019-10-21CVE-2019-9491: Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same…
PriorityP354high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
12.94%
95.8th percentile
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_anti-threat_toolkit | — | — |
| trendmicro | anti-threat_toolkit | <= 1.62.0.1218 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6ph9-24mm-7chj: Trend Micro Anti-Threat Toolkit (ATTK) versions 1
ghsa_unreviewed·2022-05-24
CVE-2019-9491 [HIGH] CWE-20 GHSA-6ph9-24mm-7chj: Trend Micro Anti-Threat Toolkit (ATTK) versions 1
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
GHSA
GHSA-96pj-v4p2-qw4v: Trend Micro Anti-Threat Toolkit (ATTK) versions 1
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2019-20358 [HIGH] CWE-20 GHSA-96pj-v4p2-qw4v: Trend Micro Anti-Threat Toolkit (ATTK) versions 1
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.
No detection rules found.
No writeups or analysis indexed.
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txthttp://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.htmlhttp://seclists.org/fulldisclosure/2019/Oct/42http://seclists.org/fulldisclosure/2020/Jan/50https://seclists.org/bugtraq/2019/Oct/30https://seclists.org/bugtraq/2020/Jan/55https://success.trendmicro.com/solution/000149878http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txthttp://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.htmlhttp://seclists.org/fulldisclosure/2019/Oct/42http://seclists.org/fulldisclosure/2020/Jan/50https://seclists.org/bugtraq/2019/Oct/30https://seclists.org/bugtraq/2020/Jan/55https://success.trendmicro.com/solution/000149878
2019-10-21
Published