Lucene search

[email protected]CVE-2023-32528

HistoryJun 26, 2023 - 10:15 p.m.

CVE-2023-32528

2023-06-2622:15:10

[email protected]

web.nvd.nist.gov

trend micro

mobile security

enterprise

9.8 sp5

cve-2023-32528

vulnerability

remote code execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is similar to, but not identical to CVE-2023-32527.

Affected configurations

NVD

Node

trendmicromobile_securityMatch9.8sp5enterprisewindows

CPENameOperatorVersion
trendmicro:mobile_securitytrendmicro mobile securityeq9.8

CPE	Name	Operator	Version
trendmicro:mobile_security	trendmicro mobile security	eq	9.8

CNA Affected

[
  {
    "vendor": "Trend Micro, Inc.",
    "product": "Trend Micro Moibile Security for Enterprise",
    "versions": [
      {
        "version": "9.8 SP5",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "9.8.3294"
      }
    ]
  }
]

References

success.trendmicro.com/dcx/s/solution/000293106?language=en_US

www.zerodayinitiative.com/advisories/ZDI-23-591/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2023-32528

cvelist2 cve1 nvd2 prion2 zdi2