PT-2017-11968 · Trend Micro · Trend Micro Deep Discovery Inspector

Brian Gorenc

Published

2017-07-31

Updated

2019-10-03

CVE-2017-11382

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Trend Micro Deep Discovery Email Inspector version 2.5.1

Description The issue allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. This can be exploited to cause a Denial of Service.

Recommendations For version 2.5.1, consider restricting access to the kdump setting to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2017-11382

ZDI-17-503

Affected Products

Trend Micro Deep Discovery Inspector

PT-2017-11968 · Trend Micro · Trend Micro Deep Discovery Inspector

CVE-2017-11382

Weakness Enumeration

Related Identifiers

Affected Products

References · 6