Vulnerability Details : CVE-2019-19697
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
Products affected by CVE-2019-19697
- cpe:2.3:a:trendmicro:antivirus_\+_security_2019:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-19697
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 48 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-19697
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
6.7
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
References for CVE-2019-19697
-
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
Vendor Advisory
-
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
Exploit;Third Party Advisory
-
https://seclists.org/bugtraq/2020/Jan/29
Bugtraq: Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697Exploit;Mailing List;Third Party Advisory
Jump to