CVE-2020-28575

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.2%

top 61.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Serverprotect FOR Linux Trendmicro Serverprotect

Timeline

PublishedDec 1

Latest updateMay 24

Description

A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_serverprotect_for_linux3.0

▶NVDtrendmicro/serverprotect3.0

🔴Vulnerability Details

GHSA

GHSA-64qr-mfgf-96mm: A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3↗2022-05-24

▶

CVEList

CVE-2020-28575: A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3↗2020-12-01

▶