CVE-2020-28574
📋 TL;DR
CVE-2020-28574 is an unauthenticated path traversal vulnerability in Trend Micro Worry-Free Business Security 10 SP1 that allows a remote attacker, without any credentials, to delete or modify arbitrary files on the management console. It affects organizations running the vulnerable version of the security product and can lead to system compromise or data loss.
💻 Affected Systems
- Trend Micro Worry-Free Business Security
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via deletion of critical files, leading to service disruption, data loss, or installation of malware.
Likely Case
Unauthorized deletion or modification of files on the management console, causing operational issues or security breaches.
If Mitigated
Limited impact if the console is patched or network-restricted, since access controls then prevent unauthorized requests from reaching it.
🎯 Exploit Status
Exploitation is straightforward due to unauthenticated access and path traversal, with public details available in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply the patch from Trend Micro as specified in the vendor advisory.
Vendor Advisory: https://success.trendmicro.com/solution/000281948
Restart Required: Yes
Instructions:
1. Access the Trend Micro management console.
2. Navigate to the update section.
3. Apply the latest security patch provided by Trend Micro.
4. Restart the system as required to complete the update.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the management console by placing it behind a firewall or VPN, allowing only trusted IPs.
Disable Unnecessary Services
Turn off or block unused network services on the console to reduce attack surface.
🧯 If You Can't Patch
- Implement strict network access controls to limit console exposure to authorized users only.
- Monitor logs for suspicious file deletion or modification attempts and set up alerts.
🔍 How to Verify
Check if Vulnerable:
Check the product version in the management console; if it is 10 SP1 without the patch, it is vulnerable.
Check Version:
In the Trend Micro Worry-Free Business Security console, go to 'Help' > 'About' to view the version details.
Verify Fix Applied:
Verify the patch is applied by checking the version in the console matches the patched release from Trend Micro.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion or modification events in system or application logs, especially from unauthenticated sources.
Network Indicators:
- Suspicious HTTP requests to management console paths with traversal patterns (e.g., '../').
SIEM Query:
Example: source="trend_micro_logs" AND (event_type="file_delete" OR event_type="file_modify") AND user="unauthenticated"
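The SIEM query above depends on field names (source, event_type, user) that differ between log sources, so adapt it to your own schema. As an added example, not code from the advisory or from Trend Micro, the following Python scans web-server access log lines for the network indicator described above: requests to the console path whose URL contains a traversal pattern. It assumes a Combined Log Format line layout and a placeholder console URL prefix (CONSOLE_PREFIX), and percent-decodes paths so encoded and double-encoded forms of '../' are also caught. The log lines are constructed for the example.

```python
"""Flag access-log requests to a management console that contain path-traversal
patterns. Added example; log format and CONSOLE_PREFIX are assumptions."""
import re
from urllib.parse import unquote

# Assumed: console requests share this URL prefix (placeholder, not the product's real path).
CONSOLE_PREFIX = "/console/"

# Combined Log Format (assumed layout); only the fields needed for detection are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# After normalization every separator is '/', so a single pattern suffices.
TRAVERSAL_RE = re.compile(r'\.\./')


def normalize_path(path: str) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and double-encoded forms
    collapse to '../', then treat backslashes as path separators."""
    decoded = path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal_attempt(path: str) -> bool:
    """True if the decoded path contains a parent-directory traversal sequence."""
    return TRAVERSAL_RE.search(normalize_path(path)) is not None


def find_traversal_requests(log_lines):
    """Return (ip, raw_path, status) for console requests that contain traversal.
    Unparseable lines are skipped; requests outside CONSOLE_PREFIX are ignored."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw = m.group("path")
        if not normalize_path(raw).startswith(CONSOLE_PREFIX):
            continue
        if is_traversal_attempt(raw):
            hits.append((m.group("ip"), raw, int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2020:10:01:02 +0000] "GET /console/index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Nov/2020:10:01:05 +0000] "GET /console/../../placeholder.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Nov/2020:10:02:11 +0000] "GET /console/%2e%2e%2f%2e%2e%2fplaceholder.cfg HTTP/1.1" 403 0',
    '198.51.100.7 - - [10/Nov/2020:10:02:15 +0000] "GET /console/%252e%252e/placeholder HTTP/1.1" 200 10',
    '192.0.2.9 - - [10/Nov/2020:10:03:00 +0000] "GET /static/logo.png HTTP/1.1" 200 2048',
    '192.0.2.9 - - [10/Nov/2020:10:03:02 +0000] "GET /other/..%5c..%5cfile HTTP/1.1" 404 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, path, status in find_traversal_requests(SAMPLE_LOG):
        print(f"{ip} {status} {path}")
```

A 200 status on a flagged request deserves the highest priority, since it suggests the traversal reached a file rather than being rejected; the 403/404 hits still show reconnaissance against the console and are worth an alert when they cluster by source IP.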