Resource exhaustion in Trend Micro products - CVE-2021-25252

 

Resource exhaustion in Trend Micro products - CVE-2021-25252

Published: March 2, 2021 / Updated: March 3, 2021


Vulnerability identifier: #VU51109
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-25252
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Trend Micro
Affected software:
Apex One
OfficeScan
InterScan Web Security Virtual Appliance (IWSVA)
Deep Security
InterScan Messaging Security Virtual Appliance

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) features. A remote attacker can pass specially crafted file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


How to mitigate CVE-2021-25252

Install updates from vendor's website.

Sources