CVE-2020-27014 - OpenCVE

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Antivirus

Configuration 1 [-]

cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/TMKA-09974	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1285/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-10-29T23:45:23

Updated: 2020-10-30T20:06:54

Reserved: 2020-10-12T00:00:00

Link: CVE-2020-27014

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-30T00:15:12.183

Modified: 2020-11-05T16:22:37.397

Link: CVE-2020-27014

JSON object: View

Redhat Information

No data.

CWE

CWE-367

{"containers": {"cna": {"affected": [{"product": "Trend Micro Antivirus for Mac (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2020 (v10.x) and below"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Race Condition", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-30T20:06:54", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-27014", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Antivirus for Mac (Consumer)", "version": {"version_data": [{"version_value": "2020 (v10.x) and below"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Race Condition"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-27014", "datePublished": "2020-10-29T23:45:23", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2020-10-30T20:06:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*", "matchCriteriaId": "A0D2AB9D-ECFC-4BA9-B440-6DC43AE46D7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}, {"lang": "es", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contiene una vulnerabilidad de condici\u00f3n de carrera en el componente Web Threat Protection Blocklist, que si se explota, podr\u00eda permitir a un atacante provocar el p\u00e1nico o el colapso del n\u00facleo. \\n\\n\\r\\n. Un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo de alto privilegio en el sistema objetivo para explotar esta vulnerabilidad"}], "id": "CVE-2020-27014", "lastModified": "2020-11-05T16:22:37.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-30T00:15:12.183", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}]}