CVE-2007-3455
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
El archivo cgiChkMasterPwd.exe versiones anteriores a 8.0.0.142 en Trend Micro OfficeScan Corporate Edition versión 8.0, permite a atacantes remotos omitir el requisito de contraseña y conseguir acceso a la Consola de Administración por medio de un hash vacío y una cadena de contraseña cifrada vacía, relacionada con la "stored decrypted user logon information".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-26 CVE Reserved
- 2007-06-27 CVE Published
- 2024-07-15 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=558 | Third Party Advisory | |
| http://osvdb.org/36628 | Vdb Entry | |
| http://www.securityfocus.com/bid/24641 | Vdb Entry | |
| http://www.securityfocus.com/bid/24935 | Vdb Entry | |
| http://www.securitytracker.com/id?1018320 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/2330 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35052 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25778 | 2017-07-29 | |
| http://www.trendmicro.com/ftp/documentation/readme/osce_80_win_en_securitypatch_b1042_readme.txt | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Officescan Search vendor "Trend Micro" for product "Officescan" | 8.0 Search vendor "Trend Micro" for product "Officescan" and version "8.0" | corporate |
Affected
| ||||||