CVE-2019-19694

The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..

CVSS v3 4.7 MEDIUM
CVSS v2.0 1.9 LOW

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx	Vendor Advisory
https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx	Vendor Advisory
https://jvn.jp/en/jp/JVN02921757/	Third Party Advisory
https://jvn.jp/jp/JVN02921757/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:trendmicro:antivirus_\+_security_2019::::::::
	cpe:2.3:a:trendmicro:internet_security_2019::::::::
	cpe:2.3:a:trendmicro:maximum_security_2019::::::::
	cpe:2.3:a:trendmicro:officescan_cloud:15:::::::*
	cpe:2.3:a:trendmicro:premium_security_2019::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-20 23:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-19694

Mitre link : CVE-2019-19694

CVE.ORG link : CVE-2019-19694

JSON object : View

Products Affected

microsoft

windows

trendmicro

maximum_security_2019
premium_security_2019
officescan_cloud
internet_security_2019
antivirus_\+_security_2019

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-19694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2020-02-20T23:15:20.270", "references": [{"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}, {"url": "https://jvn.jp/en/jp/JVN02921757/", "tags": ["Third Party Advisory"], "source": "security@trendmicro.com"}, {"url": "https://jvn.jp/jp/JVN02921757/", "tags": ["Third Party Advisory"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.."}, {"lang": "es", "value": "La familia de productos del consumidor de Trend Micro Security 2019 (versiones 15.0.0.1163 y posteriores), es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) en el que un actor malicioso podr\u00eda manipular un archivo clave en un momento determinado durante el proceso de inicio del sistema para deshabilitar las funciones de protecci\u00f3n de malware del producto o todo el producto por completo."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53529C20-D5BB-4574-B0C8-59B6FA89DB0B", "versionEndIncluding": "15.0.0.1163"}, {"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C010D439-B518-4FE4-A47E-F3D40F06761B", "versionEndIncluding": "15.0.0.1163"}, {"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0308D32-E3C5-4DF1-B94C-8607D18470E9", "versionEndIncluding": "15.0.0.1163"}, {"criteria": "cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D4FDFB7-9F82-47F2-B265-916BFCE0A0EA"}, {"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "453C7082-394D-4D5D-9EEE-69AEAFC657C5", "versionEndIncluding": "15.0.0.1163"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@trendmicro.com"}