Vulnerabilites related to trendmicro - rootkit_buster
cve-2020-8607
Vulnerability from cvelistv5
Published
2020-08-05 14:05
Modified
2024-08-04 10:03
Severity ?
Summary
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Impacted products
Vendor Product Version
Trend Micro Trend Micro Apex One Version: 2019 (On premise), SaaS
Trend Micro Trend Micro OfficeScan Version: XG SP1
Trend Micro Trend Micro Deep Security Version: 12.x, 11.x. 10.x
Trend Micro Trend Micro Worry-Free Business Security Version: 10.0 SP1, Services (SaaS)
Trend Micro Trend Micro Security (Consumer Family) Version: 2020 (v16), 2019 (v15)
Trend Micro Trend Micro Safe Lock Version: 2.0 SP1, TXOne Ed
Trend Micro Trend Micro ServerProtect Version: SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8
Trend Micro Trend Micro Portable Security Version: 3.x, 2.x
Trend Micro Trend Micro HouseCall Version: 8.0
Trend Micro Trend Micro Anti-Threat Toolkit (ATTK) Version: 1.62.1240 and below
Trend Micro Trend Micro Rootkit Buster Version: 2.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://success.trendmicro.com/solution/000260713",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://success.trendmicro.com/jp/solution/000260748",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/vu/JVNVU99160193/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Trend Micro Apex One",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "2019 (On premise), SaaS",
                  },
               ],
            },
            {
               product: "Trend Micro OfficeScan",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "XG SP1",
                  },
               ],
            },
            {
               product: "Trend Micro Deep Security",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "12.x, 11.x. 10.x",
                  },
               ],
            },
            {
               product: "Trend Micro Worry-Free Business Security",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "10.0 SP1, Services (SaaS)",
                  },
               ],
            },
            {
               product: "Trend Micro Security (Consumer Family)",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "2020 (v16), 2019 (v15)",
                  },
               ],
            },
            {
               product: "Trend Micro Safe Lock",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "2.0 SP1, TXOne Ed",
                  },
               ],
            },
            {
               product: "Trend Micro ServerProtect",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8",
                  },
               ],
            },
            {
               product: "Trend Micro Portable Security",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "3.x, 2.x",
                  },
               ],
            },
            {
               product: "Trend Micro HouseCall",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "8.0",
                  },
               ],
            },
            {
               product: "Trend Micro Anti-Threat Toolkit (ATTK)",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "1.62.1240 and below",
                  },
               ],
            },
            {
               product: "Trend Micro Rootkit Buster",
               vendor: "Trend Micro",
               versions: [
                  {
                     status: "affected",
                     version: "2.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Improper Input Validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-05T14:05:22",
            orgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            shortName: "trendmicro",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://success.trendmicro.com/solution/000260713",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://success.trendmicro.com/jp/solution/000260748",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/vu/JVNVU99160193/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@trendmicro.com",
               ID: "CVE-2020-8607",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Trend Micro Apex One",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2019 (On premise), SaaS",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro OfficeScan",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "XG SP1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Deep Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "12.x, 11.x. 10.x",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Worry-Free Business Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.0 SP1, Services (SaaS)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Security (Consumer Family)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2020 (v16), 2019 (v15)",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Safe Lock",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2.0 SP1, TXOne Ed",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro ServerProtect",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Portable Security",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.x, 2.x",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro HouseCall",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Anti-Threat Toolkit (ATTK)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.62.1240 and below",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Trend Micro Rootkit Buster",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "2.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Trend Micro",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Input Validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://success.trendmicro.com/solution/000260713",
                     refsource: "MISC",
                     url: "https://success.trendmicro.com/solution/000260713",
                  },
                  {
                     name: "https://success.trendmicro.com/jp/solution/000260748",
                     refsource: "MISC",
                     url: "https://success.trendmicro.com/jp/solution/000260748",
                  },
                  {
                     name: "https://jvn.jp/vu/JVNVU99160193/",
                     refsource: "MISC",
                     url: "https://jvn.jp/vu/JVNVU99160193/",
                  },
                  {
                     name: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
                     refsource: "MISC",
                     url: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
      assignerShortName: "trendmicro",
      cveId: "CVE-2020-8607",
      datePublished: "2020-08-05T14:05:23",
      dateReserved: "2020-02-04T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:39
Summary
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:trendmicro:antivirus_toolkit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5225790C-66F3-438C-82A9-0567EA2D3EAE",
                     versionEndExcluding: "1.62.1240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:apex_one:2019:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF019D2D-C426-4D2D-A254-442CE777B41E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:apex_one:saas:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BD39638-1D52-4FA8-BBA0-305795D7D2E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:deep_security:9.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A741097B-4B1F-4541-8E81-ABAAB16F4CCF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:deep_security:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CC7B6BD-BAF1-4E0D-9BFB-6A9BE7D3AC40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:deep_security:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D6DD3F-6DA9-4D25-A0AB-8A2670A6FE91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:deep_security:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BDD405A-E3EA-48F8-AC3D-E45A666920C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan:xg:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "64600B42-4884-41F2-A683-AE1EDB79372E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_business_security:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B20A7619-A7A7-4048-BF27-5B2613DCF914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_business_security:9.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "14329F60-1C5D-4A4C-BBCA-BD42FFB4FB73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_business_security:10.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "762313F8-2BA6-4ED7-A977-56C962D5B27F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_business_security_service:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3FC1CA-FFB4-4838-9BCE-BB5CAC28505F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D4FDFB7-9F82-47F2-B265-916BFCE0A0EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:officescan_cloud:16.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23A004A-B597-402D-BFA8-9EB11580B13F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:online_scan:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "388766C0-6983-453A-A1C2-8266127337C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:portable_security:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D33BDD31-422F-4DB0-B2DC-789611260C35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:portable_security:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "079E3712-9365-44F8-804B-2ADBD89C1D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:rootkit_buster:2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AA0F265-BD68-41F7-99DD-8832EE7E295B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:safe_lock:-:*:*:*:txone:*:*:*",
                     matchCriteriaId: "8549A2AA-5BDE-4B27-9861-9426769FAB0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:safe_lock:2.0:sp1:*:*:-:*:*:*",
                     matchCriteriaId: "9B28CE37-C436-4440-B43F-905482D91AD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:emc:*:*",
                     matchCriteriaId: "0BD9FEA3-46A4-4CEF-97B5-27BC2120B082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:netware:*:*",
                     matchCriteriaId: "82D38D59-9208-4101-89D8-367E53DA29D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:windows:*:*",
                     matchCriteriaId: "7293D7E6-196E-4C9F-B107-77FB2E770A1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:serverprotect:6.0:*:*:*:*:storage:*:*",
                     matchCriteriaId: "46FD65C7-6DED-47CA-988D-089E95D2F7B5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de comprobación de entrada que se encuentra en varios productos de Trend Micro que usan una versión particular de un controlador de protección de rootkit específico, podría permitir a un atacante en modo usuario con permisos de administrador abusar del controlador para modificar una dirección del kernel que puede causar un bloqueo del sistema o potencialmente conllevar a una ejecución de código en modo kernel. Un atacante ya debe haber obtenido acceso de administrador en la máquina de destino (legítimamente o mediante un ataque no relacionado separado) para explotar esta vulnerabilidad",
      },
   ],
   id: "CVE-2020-8607",
   lastModified: "2024-11-21T05:39:07.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-05T14:15:13.530",
   references: [
      {
         source: "security@trendmicro.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
      },
      {
         source: "security@trendmicro.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/vu/JVNVU99160193/",
      },
      {
         source: "security@trendmicro.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://success.trendmicro.com/jp/solution/000260748",
      },
      {
         source: "security@trendmicro.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://success.trendmicro.com/solution/000260713",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/en/vu/JVNVU99160193/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://jvn.jp/vu/JVNVU99160193/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://success.trendmicro.com/jp/solution/000260748",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://success.trendmicro.com/solution/000260713",
      },
   ],
   sourceIdentifier: "security@trendmicro.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}