Vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) Allows Arbitrary Remote Code Execution

Vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) Allows Arbitrary Remote Code Execution

CVE-2019-20358 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool.

Learn more about our Web Application Penetration Testing UK.