CVE-2019-20358

HIGH

Trendmicro Anti-threat Toolkit - Uncontrolled Search Path

Title source: rule

Description

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.

References (3)

Scores

CVSS v3 7.8
EPSS 0.0362
EPSS Percentile 87.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427 CWE-732 CWE-426
Status published

Affected Products (1)

trendmicro/anti-threat_toolkit < 1.62.0.1218

Timeline

Published Jan 30, 2020
Tracked Since Feb 18, 2026