cvelistv5 - cve-2020-25775

cve-2020-25775

Vulnerability from cvelistv5

Published

2020-09-28 23:30

Modified

2024-08-04 15:40

Severity ?

Summary

References

▼	URL	Tags
	security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/TMKA-09909	Vendor Advisory
	security@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-20-1227/	Third Party Advisory, VDB Entry

Impacted products

▼	Vendor	Product
	Trend Micro	Trend Micro Security (Consumer)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Security (Consumer)",
          "vendor": "Trend Micro",
          "versions": [
            {
              "status": "affected",
              "version": "2020 (v16)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Race Condition Arbitrary File Deletion",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-30T16:28:11",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-25775",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Trend Micro Security (Consumer)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2020 (v16)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Trend Micro"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Race Condition Arbitrary File Deletion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909",
              "refsource": "MISC",
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2020-25775",
    "datePublished": "2020-09-28T23:30:45",
    "dateReserved": "2020-09-18T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-25775\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2020-09-29T00:15:13.440\",\"lastModified\":\"2020-10-07T19:04:46.980\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges.\"},{\"lang\":\"es\",\"value\":\"La familia de productos de consumo Trend Micro Security 2020 (versi\u00f3n v16), es susceptible a una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria de una condici\u00f3n de carrera de seguridad que podr\u00eda permitir a un usuario poco privilegiado manipular la funcionalidad de borrado seguro del producto para eliminar archivos con un mayor conjunto de privilegios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.0,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:antivirus\\\\+_2020:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.0\",\"matchCriteriaId\":\"D89F837E-5FE8-40A4-869D-68607B44EF38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.0\",\"matchCriteriaId\":\"9D2DD545-14EE-4244-9941-DE9423BAEFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.0\",\"matchCriteriaId\":\"9DD354AF-05D4-434F-9195-D4029AC65001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.0\",\"matchCriteriaId\":\"9B92B18B-6DF1-4924-804C-96ABCBEFBE65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://helpcenter.trendmicro.com/en-us/article/TMKA-09909\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-20-1227/\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-hg9j-r439-gp76

Vulnerability from github

Published

2022-05-24 22:28

Modified

2022-05-24 22:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-25775"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-29T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u2019s secure erase feature to delete files with a higher set of privileges.",
  "id": "GHSA-hg9j-r439-gp76",
  "modified": "2022-05-24T22:28:42Z",
  "published": "2022-05-24T22:28:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25775"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-25775

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-25775

Aliases

CVE-2020-25775

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-25775",
    "description": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges.",
    "id": "GSD-2020-25775"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-25775"
      ],
      "details": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges.",
      "id": "GSD-2020-25775",
      "modified": "2023-12-13T01:21:56.718895Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2020-25775",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Security (Consumer)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2020 (v16)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Race Condition Arbitrary File Deletion"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909",
            "refsource": "MISC",
            "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2020-25775"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2020-10-07T19:04Z",
      "publishedDate": "2020-09-29T00:15Z"
    }
  }
}

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Virus Buster provided by Trend Micro Inc. There is a vulnerability in the cloud that allows low-privileged users to use the product's "data erasure tool" function to delete files with higher permissions. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Any file or folder may be erased by a third party who has access to the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Secure Erase feature. The issue results from the lack of proper validation of a user-supplied link prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "antivirus\\+ 2020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "16.0"
      },
      {
        "model": "maximum security 2020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "16.0"
      },
      {
        "model": "premium security 2020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "16.0"
      },
      {
        "model": "internet security 2020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "16.0"
      },
      {
        "model": "virus buster cloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "\u30d0\u30fc\u30b8\u30e7\u30f3 16.0"
      },
      {
        "model": "maximum security",
        "scope": null,
        "trust": 0.7,
        "vendor": "trend micro",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "16.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abdelhamid Naceri",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2020-25775",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.0,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-009590",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.0,
            "id": "CVE-2020-25775",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-25775",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-009590",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "ZDI",
            "id": "CVE-2020-25775",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-1650",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges. Virus Buster provided by Trend Micro Inc. There is a vulnerability in the cloud that allows low-privileged users to use the product\u0027s \"data erasure tool\" function to delete files with higher permissions. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.Any file or folder may be erased by a third party who has access to the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Secure Erase feature. The issue results from the lack of proper validation of a user-supplied link prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25775",
        "trust": 3.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-20-1227",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU96249940",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-10819",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "50639",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "id": "VAR-202009-0815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12407407
  },
  "last_update_date": "2023-12-18T14:00:23.087000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "\u30a2\u30e9\u30fc\u30c8/\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\uff1a\u30a6\u30a4\u30eb\u30b9\u30d0\u30b9\u30bf\u30fc \u30af\u30e9\u30a6\u30c9\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066(CVE-2020-25775)",
        "trust": 0.8,
        "url": "https://helpcenter.trendmicro.com/ja-jp/article/tmka-09911"
      },
      {
        "title": "Trend Micro has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-09909"
      },
      {
        "title": "Trend Micro Security 2020 Repair measures for the competition condition problem loophole",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129828"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-09909"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-20-1227/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25775"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25775"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96249940"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-009590.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/50639"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "date": "2020-11-19T08:11:54",
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "date": "2020-09-29T00:15:13.440000",
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "date": "2020-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-20-1227"
      },
      {
        "date": "2020-11-19T08:11:54",
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      },
      {
        "date": "2020-10-07T19:04:46.980000",
        "db": "NVD",
        "id": "CVE-2020-25775"
      },
      {
        "date": "2020-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OfficeScan made by Trend Micro Inc. Vulnerability that can delete arbitrary files in the cloud",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009590"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1650"
      }
    ],
    "trust": 0.6
  }
}

cve-2020-25775

Vulnerability from jvndb

Published

2020-11-19 18:03

Modified

2020-11-19 18:03

Severity ?

6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion

Details

Trend Micro Security 2020 (Consumer) provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU96249940
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25775
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-25775
	Race Condition(CWE-362)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Trend Micro, Inc.	Antivirus + Security 2020
	Trend Micro, Inc.	Internet Security 2020
	Trend Micro, Inc.	Trend Micro Maximum Security 2020
	Trend Micro, Inc.	Trend Micro Premium Security 2020

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-009590.html",
  "dc:date": "2020-11-19T18:03+09:00",
  "dcterms:issued": "2020-11-19T18:03+09:00",
  "dcterms:modified": "2020-11-19T18:03+09:00",
  "description": "Trend Micro Security 2020 (Consumer) provided by Trend Micro Incorporated contains an arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges.\r\n\r\nTrend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-009590.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:antivirus%2b_security_2020",
      "@product": "Antivirus + Security 2020",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:internet_security_2020",
      "@product": "Internet Security 2020",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:maximum_security_2020",
      "@product": "Trend Micro Maximum Security 2020",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:premium_security_2020",
      "@product": "Trend Micro Premium Security 2020",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2020-009590",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96249940",
      "@id": "JVNVU#96249940",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25775",
      "@id": "CVE-2020-25775",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-25775",
      "@id": "CVE-2020-25775",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-362",
      "@title": "Race Condition(CWE-362)"
    }
  ],
  "title": "Trend Micro Security 2020 (Consumer) is vulnerable to arbitrary file deletion"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-25775

Vulnerability from cvelistv5

ghsa-hg9j-r439-gp76

Vulnerability from github

gsd-2020-25775

Vulnerability from gsd

var-202009-0815

Vulnerability from variot

cve-2020-25775

Vulnerability from jvndb

Tags

Sightings

Nomenclature