CVE-2020-24562

CWE-59 CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 56.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Officescan Trendmicro Officescan

Timeline

PublishedSep 29

Latest updateMay 24

Description

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/officescanxg

▶CVEListV5trend_micro/trend_micro_officescanXG SP1

🔴Vulnerability Details

GHSA

GHSA-74vv-q3rm-9hv6: A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the↗2022-05-24

▶

CVEList

CVE-2020-24562: A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the↗2020-09-28

▶