CVE-2020-24556
Published 2020-09-01
CVE-2020-24556: A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows…
Priority P340 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.78% · 51.2th percentile
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_officescan | — | — |
| trendmicro | apex_one | — | — |
| trendmicro | apex_one | — | — |
| trendmicro | officescan | — | — |
| trendmicro | worry-free_business_security | — | — |
CVSS provenance
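| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |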
GHSA
GHSA-28fh-4j57-cc4w: A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the syst
ghsa_unreviewed·2022-05-24
CVE-2020-24556 [HIGH] CWE-269 GHSA-28fh-4j57-cc4w: A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the syst
A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
GHSA
GHSA-74vv-q3rm-9hv6: A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-24562 [HIGH] CWE-269 GHSA-74vv-q3rm-9hv6: A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This CVE is similar, but not identical, to CVE-2020-24556.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://success.trendmicro.com/solution/000263632
https://success.trendmicro.com/solution/000263633
https://success.trendmicro.com/solution/000267260
https://www.zerodayinitiative.com/advisories/ZDI-20-1093/
Published: 2020-09-01