PT-2003-2286 · Trend Micro · Trend Micro Officescan

Publicado

2003-12-31

Atualizado

2017-07-29

CVE-2003-1341

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 3.0 through 3.54 Trend Micro OfficeScan version 5.x

Description The issue allows remote attackers to bypass authentication and gain access to the web management console. This is achieved by making a direct request to "cgiMasterPwd.exe" instead of going through "cgiChkMasterPasswd.exe".

Recommendations For Trend Micro OfficeScan versions 3.0 through 3.54, consider restricting access to the web management console until a fix is available. For Trend Micro OfficeScan version 5.x, consider restricting access to the web management console until a fix is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-16

Identificadores relacionados

CVE-2003-1341

Produtos afetados

Trend Micro Officescan

PT-2003-2286 · Trend Micro · Trend Micro Officescan

CVE-2003-1341

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9