PT-2003-2286 · Trend Micro · Trend Micro Officescan

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1341

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 3.0 through 3.54 Trend Micro OfficeScan version 5.x

Description The issue allows remote attackers to bypass authentication and gain access to the web management console. This is achieved by making a direct request to "cgiMasterPwd.exe" instead of going through "cgiChkMasterPasswd.exe".

Recommendations For Trend Micro OfficeScan versions 3.0 through 3.54, consider restricting access to the web management console until a fix is available. For Trend Micro OfficeScan version 5.x, consider restricting access to the web management console until a fix is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2003-1341

Affected Products

Trend Micro Officescan

PT-2003-2286 · Trend Micro · Trend Micro Officescan

CVE-2003-1341

Weakness Enumeration

Related Identifiers

Affected Products

References · 9