CVE Vulnerability

CVE-2019-19697

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt Exploit Third Party Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx Vendor Advisory
https://seclists.org/bugtraq/2020/Jan/29 Exploit Mailing List
Configurations

Configuration 1
Information

Published : 2020-01-18 12:15

Updated : 2020-08-24 05:37

NVD link : CVE-2019-19697

Mitre link : CVE-2019-19697

Products Affected

Premium Security 2019

Trendmicro

CWE
NVD-CWE-noinfo