CVE-2020-25776 — Link Following in Micro Antivirus FOR MAC

CWE-59 — Link Following CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Antivirus FOR MAC Trendmicro Antivirus

Timeline

PublishedOct 2

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/antivirus2019, 2020+1

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2020 (v10.x)

🔴Vulnerability Details

GHSA

GHSA-r6q3-pv2x-rvpm: Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical↗2022-05-24

▶

CVEList

CVE-2020-25776: Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical↗2020-10-02

▶