Multiple vulnerabilities in Trend Micro Worry-Free Business Security



Published: 2021-01-28 | Updated: 2021-02-03
Risk Medium
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2021-25228
CVE-2021-25239
CVE-2021-25245
CVE-2021-25244
CVE-2021-25243
CVE-2021-25242
CVE-2021-25241
CVE-2021-25240
CVE-2021-25238
CVE-2021-25236
CVE-2021-25234
CVE-2021-25233
CVE-2021-25231
CVE-2021-25249
CVE-2021-25248
CVE-2021-25246
CWE-ID CWE-284
CWE-918
CWE-787
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Worry-Free Business Security
Client/Desktop applications / Software for system administration

Vendor Trend Micro

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

Updated: 03.02.2021

Updated vulnerability descriptions, provided links to ZDI.

1) Improper access control

EUVDB-ID: #VU50101

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25228

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU50110

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25239

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU50121

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25245

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU50120

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25244

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU50113

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25243

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU50112

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25242

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU50114

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25241

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the web console on port 4343/TCP. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to create a command script to locate online agents and map out network topology a server can communicate with.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper access control

EUVDB-ID: #VU50111

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25240

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU50119

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25238

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU50118

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25236

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the web console on port 4343/TCP. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker to create a command script to locate online agents and map out network topology a server can communicate with.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU50107

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25234

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper access control

EUVDB-ID: #VU50106

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25233

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper access control

EUVDB-ID: #VU50104

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25231

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and obtain information about the server and agents - such as hotfix information, logs and hostname.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU50117

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25249

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within TmCCSF.exe. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU50116

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25248

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within TmCCSF.exe. A local user can run a specially crafted code on the server to trigger out-of-bounds read error and disclose sensitive information about a named pipe.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper access control

EUVDB-ID: #VU50115

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25246

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the web console on port 4343/TCP. A remote attacker can bypass implemented security restrictions and create a bogus agent on an affected server that could be used then make valid configuration queries.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Worry-Free Business Security: before 10 SP1 Patch 2274

External links

http://success.trendmicro.com/solution/000284206


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###