Denial of service in Trend Micro Scan Engine in multiple products
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-25252 |
| CWE-ID | CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls OfficeScan Client/Desktop applications / Antivirus software/Personal firewalls InterScan Web Security Virtual Appliance (IWSVA) Server applications / Server solutions for antivurus protection Deep Security Client/Desktop applications / Software for system administration InterScan Messaging Security Virtual Appliance Server applications / DLP, anti-spam, sniffers |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU51109
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25252
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) features. A remote attacker can pass specially crafted file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: Patch 3 b8378 - CP 8422
OfficeScan: XG - XG SP1 CP 5474
InterScan Web Security Virtual Appliance (IWSVA): 6.5 - 6.5 SP2 HF 1755
Deep Security: before 10.0 U29
InterScan Messaging Security Virtual Appliance: before 9.1 CP2034
CPE2.3- cpe:2.3:a:trend_micro:apex_one:Patch 3 b8378:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:Build 3943:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:apex_one:2019:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:XG:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:XG SP1:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:officescan:XG (non-SP1) CP B1962:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:interscan_web_security_virtual_appliance:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:interscan_web_security_virtual_appliance:6.5 SP2 Patch 4:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:interscan_web_security_virtual_appliance:6.5 SP2 HF 1755:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:deep_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:trend_micro:interscan_messaging_security_virtual_appliance:*:*:*:*:*:*:*:*
https://success.trendmicro.com/solution/000285675
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
