CVE-2022-25329

Name of the Vulnerable Software and Affected Versions Trend Micro ServerProtect versions 5.8 through 6.0

Description The issue is related to the use of static credentials for authentication in the Information Server when a specific command is entered in the console. This could allow an unauthenticated remote attacker with access to the Information Server to exploit the vulnerability, register to the server, and perform authenticated actions. The vulnerability is also associated with the executable file EarthAgent.exe in various ServerProtect products, including ServerProtect for Storage, ServerProtect for EMC Celerra, ServerProtect for Network Appliance Filers, and ServerProtect for Microsoft Windows/Novell Netware, due to the use of predefined credentials. Exploitation of the vulnerability may enable a remote attacker to execute arbitrary actions.

Recommendations For Trend Micro ServerProtect versions 5.8 through 6.0, consider disabling the static credential authentication mechanism until a patch is available. As a temporary workaround, restrict access to the Information Server to minimize the risk of exploitation. Avoid using the predefined credentials in the EarthAgent.exe executable file until the issue is resolved.