Lucene search

[email protected]CVE-2003-1341

HistoryOct 14, 2007 - 7:00 p.m.

CVE-2003-1341

2007-10-1419:00:00

CWE-16

[email protected]

web.nvd.nist.gov

trend micro

officescan

remote attackers

authentication bypass

web management console

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.

Affected configurations

NVD

Node

trend_microofficescanMatch3.0corporate

trend_microofficescanMatch3.0corporate_for_windows_nt_server

trend_microofficescanMatch3.1.1corporate_for_windows_nt_server

trend_microofficescanMatch3.5corporate

trend_microofficescanMatch3.5corporate_for_windows_nt_server

trend_microofficescanMatch3.11corporate

trend_microofficescanMatch3.11corporate_for_windows_nt_server

trend_microofficescanMatch3.13corporate

trend_microofficescanMatch3.13corporate_for_windows_nt_server

trend_microofficescanMatch3.54corporate

trend_microvirus_busterMatch3.52corporate

trend_microvirus_busterMatch3.53corporate

trend_microvirus_busterMatch3.54corporate

CPENameOperatorVersion
trend_micro:officescantrend micro officescaneq3.0
trend_micro:officescantrend micro officescaneq3.1.1
trend_micro:officescantrend micro officescaneq3.5
trend_micro:officescantrend micro officescaneq3.11
trend_micro:officescantrend micro officescaneq3.13
trend_micro:officescantrend micro officescaneq3.54
trend_micro:virus_bustertrend micro virus bustereq3.52
trend_micro:virus_bustertrend micro virus bustereq3.53
trend_micro:virus_bustertrend micro virus bustereq3.54

CPE	Name	Operator	Version
trend_micro:officescan	trend micro officescan	eq	3.0
trend_micro:officescan	trend micro officescan	eq	3.1.1
trend_micro:officescan	trend micro officescan	eq	3.5
trend_micro:officescan	trend micro officescan	eq	3.11
trend_micro:officescan	trend micro officescan	eq	3.13
trend_micro:officescan	trend micro officescan	eq	3.54
trend_micro:virus_buster	trend micro virus buster	eq	3.52
trend_micro:virus_buster	trend micro virus buster	eq	3.53
trend_micro:virus_buster	trend micro virus buster	eq	3.54

References

archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html

kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353

secunia.com/advisories/7881

www.osvdb.org/6181

www.securityfocus.com/bid/6616

exchange.xforce.ibmcloud.com/vulnerabilities/11059

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2003-1341

cvelist1 nvd1