CVE-2020-25777
Last modified
CVE-2020-25777 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.. EPSS estimates a 1.33% chance of exploitation in the next 30 days.
Description
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Antivirus | 2019 |
| Trendmicro | Antivirus | 2020 |
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09947Patch, Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1242/Third Party Advisory, VDB Entry
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09947Patch, Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-1242/Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25777?
How severe is CVE-2020-25777?
How do I fix CVE-2020-25777?
Are you affected by CVE-2020-25777?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST