Authentication Bypass in Trend Micro Mobile Security
CVE-2017-14080

9.8CRITICAL

Key Information:

Vendor: Trend Micro
Status: Mobile Security (enterprise)
Vendor: CVE Published:; 22 September 2017

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2017-14080?

An authentication bypass vulnerability exists in Trend Micro Mobile Security (Enterprise) prior to version 9.7 Patch 3, allowing attackers to exploit the system by accessing restricted console areas through the use of a blank password. This flaw can potentially lead to unauthorized access to sensitive information and functions within the mobile security environment.

Affected Version(s)

Mobile Security (Enterprise) < 9.7 Patch 3

References

http://www.zerodayinitiative.com/advisories/ZDI-17-767

x_refsource_MISC

https://success.trendmicro.com/solution/1118224

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2017
Vulnerability Reserved
Aug 31, 2017