Main Vulnerability Database Vulnerabilities #VU73708

#VU73708 Security features bypass in Trend Micro Endpoint Encryption Full Disk Encryption - CVE-2023-28005

Published: March 15, 2023

Vulnerability identifier: #VU73708

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-28005

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Trend Micro Endpoint Encryption Full Disk Encryption

Software vendor:
Trend Micro

Description

The vulnerability allows an attacker to bypass Secure Boot restrictions.

the vulnerability exists due to incorrect implementation of the Secure Boot feature. An attacker with physical access to device can bypass the Secure Boot restrictions and gain unauthorized access to the system.

Remediation

Install updates from vendor's website.

External links

https://success.trendmicro.com/dcx/s/solution/000292473?language=en_US