CVE-2019-19697

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.

Published: Jan 18, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-19697
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
trendmicro / antivirus_+_security_2019	15.0	15.0.x
trendmicro / internet_security_2019	15.0	15.0.x
trendmicro / maximum_security_2019	15.0	15.0.x
trendmicro / premium_security_2019	15.0	15.0.x

http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
https://seclists.org/bugtraq/2020/Jan/29

Vulnerability Database

289,871

CVE-2019-19697