CVE-2020-24557
Trend Micro Multiple Products Improper Access Control Vulnerability
CVSS
—
No CVSS
EPSS
2.6%
p84
KEV
YES
Nov 3, 2021
Exploit Today
75
0-100
Published: — · Last modified: —
Product
Trend Micro / Apex One, OfficeScan, and Worry-Free Business Security
Vulnerability
Trend Micro Multiple Products Improper Access Control Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-24557
No related CVEs by CWE or product.