CVE-2021-32459

Опубликовано: 27 мая 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 5.5

EPSS Низкий

Описание

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted network request to lead to arbitrary authentication. An attacker must first obtain the ability to execute high-privileged code on the target device in order to exploit this vulnerability.

Ссылки

https://helpcenter.trendmicro.com/en-us/article/TMKA-10337
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241
Third Party Advisory
https://helpcenter.trendmicro.com/en-us/article/TMKA-10337
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1241
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:trendmicro:home_network_security:*:*:*:en:*:*:*:*

Версия до 6.6.604 (включая)

cpe:2.3:a:trendmicro:home_network_security:*:*:*:ja:*:*:*:*

Версия до 6.6.604 (включая)

cpe:2.3:a:trendmicro:home_network_security:*:*:*:zh:*:*:*:*

Версия до 6.6.604 (включая)

EPSS

Процентиль: 67%

0.00532

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-697p-5m9w-jhmw

github

больше 3 лет назад

A hard-coded password vulnerability exists in the SFTP Log Collection Server function of Trend Micro Inc.’s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. An attacker can send an unauthenticated message to trigger this vulnerability.

EPSS

Процентиль: 67%

0.00532

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-798