Main Vulnerability Database Vulnerabilities #VU51109

#VU51109 Resource exhaustion in Trend Micro products - CVE-2021-25252

Published: March 2, 2021 / Updated: March 3, 2021

Vulnerability identifier: #VU51109

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-25252

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apex One
OfficeScan
InterScan Web Security Virtual Appliance (IWSVA)
Deep Security
InterScan Messaging Security Virtual Appliance

Software vendor:
Trend Micro

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) features. A remote attacker can pass specially crafted file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://success.trendmicro.com/solution/000285675

#VU51109 Resource exhaustion in Trend Micro products - CVE-2021-25252

Description

Remediation

External links

Please verify you're human