CVE-2020-8602

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.2HIGH
EPSS
1.7%
top 17.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Trend Micro Trend Micro Deep SecurityTrend Micro Trend Micro Vulnerability ManagementTrendmicro Deep Security Manager+1 more
Timeline
PublishedAug 27
Latest updateMay 24

Description

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

NVDtrendmicro/deep_security_manager10.0, 11.0, 12.0+2
CVEListV5trend_micro/trend_micro_deep_security10.0, 11.0, 12.0

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-p6mw-6gvm-8954: A vulnerability in the management consoles of Trend Micro Deep Security 102022-05-24
CVEList
CVE-2020-8602: A vulnerability in the management consoles of Trend Micro Deep Security 102020-08-27
CVE-2020-8602 (HIGH CVSS 7.2) | A vulnerability in the management c | cvebase.io