Vulnerability Details : CVE-2019-14688
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, and that DLL must be present when the installer is run.
Products affected by CVE-2019-14688
- cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:mobile_security:9.8:*:*:*:enterprise:*:*:*
- cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:emc:*:*
- cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:netware:*:*
- cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:windows:*:*
- cpe:2.3:a:trendmicro:serverprotect:6.0:*:*:*:*:storage:*:*
- cpe:2.3:a:trendmicro:control_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*
- cpe:2.3:a:trendmicro:endpoint_sensor:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:im_security:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:security:2019:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14688
- Probability of exploitation activity in the next 30 days: 0.06%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~25%
CVSS scores for CVE-2019-14688
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.0 | 5.9 | NIST | |
CWE ids for CVE-2019-14688
- The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-14688
- https://success.trendmicro.com/solution/1123562
  Installer vulnerability in multiple products - Trend Micro (Vendor Advisory)