| CVE ID | CVE-2020-25777 |
| CVSS SCORE | 5.4, AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| AFFECTED VENDORS |
Trend Micro |
| AFFECTED PRODUCTS |
Antivirus for Mac |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to bypass web filtering on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the KERedirect module. The issue results from the improper filtering of HTTP requests. An attacker can leverage this vulnerability to bypass the protection offered by the product. |
| ADDITIONAL DETAILS |
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
https://helpcenter.trendmicro.com/en-us/article/TMKA-09947 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Cees Elzinga from Danish Cyber Defence |
