CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 3, 2022

CVE-2020-24557

High

EPSS 1.9%CISA KEV

Trend Micro/Apex One, OfficeScan, and Worry-Free Business Security

Description

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

EPSS — Exploit Probability

1.9%

Higher than 82.9% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2020-24557

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 1.9%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Nov 3, 2021

Added to KEV

Nov 3, 2021

Remediation Due

May 3, 2022

Affected Product

Trend Micro

Apex One, OfficeScan, and Worry-Free Business Security

View all Trend Micro CVEs

External Links

NVD (NIST)CVE Details MITRE CVE