CVE-2019-19694 - OpenCVE

The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Officescan Cloud Antivirus \+ Security 2019 Premium Security 2019 Maximum Security 2019 Internet Security 2019
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:antivirus_\+_security_2019::::::::
	cpe:2.3:a:trendmicro:internet_security_2019::::::::
	cpe:2.3:a:trendmicro:maximum_security_2019::::::::
	cpe:2.3:a:trendmicro:officescan_cloud:15:::::::*
	cpe:2.3:a:trendmicro:premium_security_2019::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx	Vendor Advisory
https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx	Vendor Advisory
https://jvn.jp/en/jp/JVN02921757/	Third Party Advisory
https://jvn.jp/jp/JVN02921757/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-02-20T22:50:23

Updated: 2020-02-20T22:50:23

Reserved: 2019-12-09T00:00:00

Link: CVE-2019-19694

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-20T23:15:20.270

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-19694

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Trend Micro Security (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2019 (v15.0.0.1163 and below)\r\n "}]}], "descriptions": [{"lang": "en", "value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-20T22:50:23", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN02921757/"}, {"tags": ["x_refsource_MISC"], "url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/jp/JVN02921757/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-19694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Security (Consumer)", "version": {"version_data": [{"version_value": "2019 (v15.0.0.1163 and below)\r\n "}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx", "refsource": "MISC", "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"}, {"name": "https://jvn.jp/en/jp/JVN02921757/", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN02921757/"}, {"name": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx", "refsource": "MISC", "url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"}, {"name": "https://jvn.jp/jp/JVN02921757/", "refsource": "MISC", "url": "https://jvn.jp/jp/JVN02921757/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2019-19694", "datePublished": "2020-02-20T22:50:23", "dateReserved": "2019-12-09T00:00:00", "dateUpdated": "2020-02-20T22:50:23", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "53529C20-D5BB-4574-B0C8-59B6FA89DB0B", "versionEndIncluding": "15.0.0.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "C010D439-B518-4FE4-A47E-F3D40F06761B", "versionEndIncluding": "15.0.0.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0308D32-E3C5-4DF1-B94C-8607D18470E9", "versionEndIncluding": "15.0.0.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*", "matchCriteriaId": "7D4FDFB7-9F82-47F2-B265-916BFCE0A0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "453C7082-394D-4D5D-9EEE-69AEAFC657C5", "versionEndIncluding": "15.0.0.1163", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.."}, {"lang": "es", "value": "La familia de productos del consumidor de Trend Micro Security 2019 (versiones 15.0.0.1163 y posteriores), es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) en el que un actor malicioso podr\u00eda manipular un archivo clave en un momento determinado durante el proceso de inicio del sistema para deshabilitar las funciones de protecci\u00f3n de malware del producto o todo el producto por completo."}], "id": "CVE-2019-19694", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-20T23:15:20.270", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"}, {"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN02921757/"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/jp/JVN02921757/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}