Attacker Value
Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2020-25779

Disclosure Date: October 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Exfiltration
Techniques
Validation
Validated

Description

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.

Add Assessment

2
Ratings
  • Attacker Value
    Low
  • Exploitability
    Medium
Technical Analysis

I’ll add the proof of concept under References!

CVSS V3 Severity and Metrics
Base Score:
3.3 Low
Impact Score:
1.4
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None

General Information

Vendors

  • Trend Micro

Products

  • Trend Micro Antivirus for Mac (Consumer)

Additional Info

Technical Analysis