Back to KEVs

CVE-2020-24557

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 20, 2020
Published Date
September 01, 2020
Last Updated
February 06, 2025
Vendor
Trend Micro
Product
Trend Micro Apex One, Trend Micro Worry-Free Business Security
Description
A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://success.trendmicro.com/solution/000263632 https://www.zerodayinitiative.com/advisories/ZDI-20-1094/ https://success.trendmicro.com/solution/000267260

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC