Authentication Bypass in Trend Micro Mobile Security
CVE-2017-14080

9.8CRITICAL

Key Information:

Vendor: Trend Micro
Status: Mobile Security (enterprise)
Vendor: CVE Published:; 22 September 2017

Summary

An authentication bypass vulnerability exists in Trend Micro Mobile Security (Enterprise) prior to version 9.7 Patch 3, allowing attackers to exploit the system by accessing restricted console areas through the use of a blank password. This flaw can potentially lead to unauthorized access to sensitive information and functions within the mobile security environment.

Affected Version(s)

Mobile Security (Enterprise) < 9.7 Patch 3

References

http://www.zerodayinitiative.com/advisories/ZDI-17-767

x_refsource_MISC

https://success.trendmicro.com/solution/1118224

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2017
Vulnerability Reserved
Aug 31, 2017