Main
Vulnerability Database
Exploits
ID:7387 - Exploit for Integer overflow in Trend Micro products - CVE-2022-25331
ID:7387 - Exploit for Integer overflow in Trend Micro products - CVE-2022-25331
Published: February 23, 2022
Vulnerability identifier: #VU60764
Vulnerability risk: High
CVE-ID: CVE-2022-25331
CWE-ID: CWE-190
Exploitation vector: Remote access
Vulnerable software:
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
Link to public exploit:
https://github.com/tenable/poc/blob/master/TrendMicro/ServerProtect/serverprotect_info_server_dos.py
Vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote authenticated user can pass specially crafted data to the Information Server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.