PT-2020-14525 · Trend Micro · Trend Micro Deep Security

Partick Hussey · Published 2020-08-21 · Updated 2020-09-03 · CVE-2020-15601

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro Deep Security versions 10.x through 12.x

Description

The issue allows an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication if LDAP authentication is enabled. Enabling multi-factor authentication can prevent this attack. Installations using manager native authentication or SAML authentication are not impacted.

Recommendations

For Trend Micro Deep Security versions 10.x through 12.x, enable multi-factor authentication to prevent the authentication bypass attack.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2020-04359
CVE-2020-15601
ZDI-20-1077

Affected Products

Trend Micro Deep Security