CVE-2020-25775

medium

Description

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

References

https://www.zerodayinitiative.com/advisories/ZDI-20-1227/

https://helpcenter.trendmicro.com/en-us/article/TMKA-09909

Details

Source: Mitre, NVD

Published: 2020-09-29

Risk Information

CVSS v2

Base Score: 6.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: Medium