Authentication Bypass Vulnerability in Trend Micro Control Manager
CVE-2018-3601

9.8CRITICAL

Key Information:

Vendor: Trend Micro
Status: Trend Micro Control Manager
Vendor: CVE Published:; 9 February 2018

Summary

A vulnerability in Trend Micro Control Manager 6.0 allows remote attackers to bypass authentication mechanisms. By exploiting the improper handling of password hashes, attackers can gain unauthorized access to the system, potentially compromising sensitive data and system integrity. Organizations maintaining this software should evaluate their installations and apply the necessary patches to mitigate this security risk.

Affected Version(s)

Trend Micro Control Manager 6.0

References

https://www.zerodayinitiative.com/advisories/ZDI-18-113/

x_refsource_MISC

https://success.trendmicro.com/solution/1119158

x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2018
Vulnerability Reserved
Dec 27, 2017