3 matches found
CVE-2017-11379
CVE-2017-11379 (and related CVEs 11380, 11381) affect Trend Micro Deep Discovery Director 1.1. Core Security CORE-2017-0005 reports vulnerabilities in the backup/restore workflow: backups are not signed/validated, archives are encrypted with a static password across appliances, and a command-inje...
CVE-2017-11381
Summary: CVE-2017-11381 affects Trend Micro Deep Discovery Director 1.1. A command injection vulnerability exists in the backup/restore flow that can be exploited to restore accounts and ultimately gain code execution as root. The issue arises during the restore of textUI accounts: the process as...
CVE-2017-11380
The connected CORE advisory for Trend Micro Deep Discovery Director 1.1 details CVE-2017-11380 (backup archives encrypted with a static, hard-coded password) and CVE-2017-11381 (command injection during backup-restore accounts handling), enabling potential code execution with root privileges via ...