Описание
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
Ссылки
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*
EPSS
Процентиль: 91%
0.06518
Низкий
7.5 High
CVSS2
Дефекты
CWE-16
Связанные уязвимости
github
почти 4 года назад
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
EPSS
Процентиль: 91%
0.06518
Низкий
7.5 High
CVSS2
Дефекты
CWE-16