An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
The error classified as CWE-477 (use of deprecated function) allows an attacker to bypass authentication mechanisms in PolicyServer and directly invoke key methods reserved for administrators. The attack is possible remotely over the network without requiring any credentials or user interaction. An exceptionally low barrier to entry means the exploit can be carried out by anyone with access to PolicyServer.
An attacker can gain full administrative access to PolicyServer and arbitrarily modify Endpoint Encryption product configurations, which may result in bypassing disk encryption mechanisms or compromising security policies across the entire organization.
Patches available from the vendor should be applied in accordance with the references — detailed information about patched versions can be found in the Trend Micro bulletin at https://success.trendmicro.com/en-US/solution/KA-0019928. Until the patch is deployed, it is recommended to restrict network access to PolicyServer only to trusted hosts through firewall rules.
Trend Micro Endpoint Encryption PolicyServer running on Microsoft Windows — specific versions indicated in vendor references (https://success.trendmicro.com/en-US/solution/KA-0019928).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows
OSMicrosoftwszystkie wersjeTrendmicro Trend Micro Endpoint Encryption
APPTrendmicro< 6.0.0.4013
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit