CVE-2022-25329
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.
Trend Micro ServerProtect Information Server versión 6.0/5.8, usa una credencial estática para llevar a cabo la autenticación cuando es escrito un comando específico en la consola. Un atacante remoto no autenticado con acceso al Information Server podría aprovechar esto para registrarse en el servidor y llevar a cabo acciones autenticadas
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-18 CVE Reserved
- 2022-02-24 CVE Published
- 2024-05-18 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.tenable.com/security/research/tra-2022-05 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://success.trendmicro.com/solution/000290507 | 2022-03-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trendmicro Search vendor "Trendmicro" | Serverprotect For Storage Search vendor "Trendmicro" for product "Serverprotect For Storage" | 6.0 Search vendor "Trendmicro" for product "Serverprotect For Storage" and version "6.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Trendmicro Search vendor "Trendmicro" | Serverprotect Search vendor "Trendmicro" for product "Serverprotect" | 5.8 Search vendor "Trendmicro" for product "Serverprotect" and version "5.8" | emc |
Affected
| ||||||
| Trendmicro Search vendor "Trendmicro" | Serverprotect Search vendor "Trendmicro" for product "Serverprotect" | 5.8 Search vendor "Trendmicro" for product "Serverprotect" and version "5.8" | netware |
Affected
| ||||||
| Trendmicro Search vendor "Trendmicro" | Serverprotect Search vendor "Trendmicro" for product "Serverprotect" | 5.8 Search vendor "Trendmicro" for product "Serverprotect" and version "5.8" | windows |
Affected
| ||||||
| Trendmicro Search vendor "Trendmicro" | Serverprotect For Network Appliance Filer Search vendor "Trendmicro" for product "Serverprotect For Network Appliance Filer" | 5.8 Search vendor "Trendmicro" for product "Serverprotect For Network Appliance Filer" and version "5.8" | - |
Affected
| ||||||