CVE-2020-27015 - OpenCVE

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Antivirus

Configuration 1 [-]

cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/TMKA-09975	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1286/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2020-10-29T23:45:23

Updated: 2020-11-02T20:36:26

Reserved: 2020-10-12T00:00:00

Link: CVE-2020-27015

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-30T00:15:12.263

Modified: 2020-11-05T16:15:26.943

Link: CVE-2020-27015

JSON object: View

Redhat Information

No data.

CWE

CWE-209

{"containers": {"cna": {"affected": [{"product": "Trend Micro Antivirus for Mac (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "2020 (v10.x) and below"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-02T20:36:26", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2020-27015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Antivirus for Mac (Consumer)", "version": {"version_data": [{"version_value": "2020 (v10.x) and below"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975", "refsource": "MISC", "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2020-27015", "datePublished": "2020-10-29T23:45:23", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2020-11-02T20:36:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus:2020:*:*:*:*:macos:*:*", "matchCriteriaId": "A0D2AB9D-ECFC-4BA9-B440-6DC43AE46D7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."}, {"lang": "es", "value": "Trend Micro Antivirus for Mac 2020 (Consumer) contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de mensajes de error que, si se explota, podr\u00eda permitir que los punteros del n\u00facleo y los mensajes de depuraci\u00f3n se filtraran al terreno de los usuarios. Un atacante debe obtener primero la capacidad de ejecutar c\u00f3digo de alto privilegio en el sistema objetivo para poder explotar esta vulnerabilidad"}], "id": "CVE-2020-27015", "lastModified": "2020-11-05T16:15:26.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-30T00:15:12.263", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}