#VU60764 Integer overflow in Trend Micro products - CVE-2022-25331
Published: February 22, 2022 / Updated: February 23, 2022
Vulnerability identifier: #VU60764
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2022-25331
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
Software vendor:
Trend Micro
Trend Micro
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote authenticated user can pass specially crafted data to the Information Server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.