Remote Authentication Bypass in Trend Micro Mobile Security Enterprise
CVE-2023-32524

8.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Moibile Security For Enterprise
Vendor: CVE Published:; 26 June 2023

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2023-32524?

Trend Micro Mobile Security (Enterprise) version 9.8 SP5 contains certain widgets that can be exploited by a remote attacker to bypass authentication controls. This vulnerability requires an attacker to first gain access to execute low-privileged code within the targeted system, allowing this bypass to potentially be chained with other vulnerabilities for greater impact. The nature of this vulnerability emphasizes the importance of strengthening security measures and applying updates to protect against such exploit attempts.

Affected Version(s)

Trend Micro Moibile Security for Enterprise 9.8 SP5 < 9.8.3294

References

https://success.trendmicro.com/dcx/s/solution/000293106?l...

https://www.zerodayinitiative.com/advisories/ZDI-23-588/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
May 9, 2023