CVE-2020-28575
Summary
| CVE | CVE-2020-28575 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-01 19:15:00 UTC |
| Updated | 2020-12-02 15:46:00 UTC |
| Description | A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Trendmicro | Serverprotect | 3.0 | All | All | All |
| Application | Trendmicro | Serverprotect | 3.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| New KHM for heap-based buffer overflow privilege - ServerProtect for Linux | MISC | success.trendmicro.com | Vendor Advisory |
| ZDI-20-1378 | Zero Day Initiative | MISC | www.zerodayinitiative.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.