Integer overflow in Trend Micro products - CVE-2022-25331
Published: February 22, 2022 / Updated: February 23, 2022
Vulnerability identifier: #VU60764
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2022-25331
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Trend Micro
Affected software:
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
ServerProtect for Storage (SPFS)
ServerProtect for EMC Celerra (SPEMC)
ServerProtect for Network Appliance Filers (SPNAF)
ServerProtect for Microsoft Windows / Novell Netware (SPNT)
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote authenticated user can pass specially crafted data to the Information Server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2022-25331
Install updates from vendor's website.