First published: Thu Sep 24 2020(Updated: )
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Antivirus\+ 2019 | <=15.0 | |
Trendmicro Internet Security 2019 | <=15.0 | |
Trendmicro Maximum Security 2019 | <=15.0 | |
Trendmicro Officescan Cloud | =15 | |
Trendmicro Premium Security 2019 | <=15.0 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15604 is an incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products.
CVE-2020-15604 allows an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one.
Trendmicro Antivirus+ 2019, Trendmicro Internet Security 2019, Trendmicro Maximum Security 2019, Trendmicro Officescan Cloud, and Trendmicro Premium Security 2019 are affected by CVE-2020-15604.
CVE-2020-15604 has a severity rating of 7.5 (High).
To fix CVE-2020-15604, it is recommended to update to the latest version of Trend Micro Security 2019 (v15) consumer family of products.