CVE-2020-8607
moderate-risk
Published 2020-08-05
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Do I need to act?
EPSS score: 0.08% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.7/10, Medium (LOCAL / LOW complexity)
Affected Products (20)
Antivirus Toolkit
Deep Security
Officescan Business Security Service
Officescan Cloud
Online Scan
Portable Security
Rootkit Buster
Safe Lock
References (8)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU99160193/index.html
Third Party Advisory
https://jvn.jp/vu/JVNVU99160193/
Vendor Advisory
https://success.trendmicro.com/jp/solution/000260748
42 / 100, moderate-risk
Severity: 21/34 · High
Exploitability: 0/34 · Minimal
Exposure: 21/34 · High