Trend Micro has released security patches to address a critical authentication bypass vulnerability, tracked as CVE-2021-36745, that affects the Trend Micro ServerProtect product.
Trend Micro Server Protect offers comprehensive real-time protection for enterprise infrastructure, preventing them from being targeted by viruses, spyware, and other Web threats.
A remote attacker can exploit the vulnerability to bypass authentication on vulnerable installs, the issue received a CVSS score of 9.8.
“A critical vulnerability in Trend Micro ServerProtect could allow a remote attacker to bypass authentication on affected installations.” reads the advisory published by the security firm. “Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”
The vulnerability was reported by Yuto Maeda from Cyber Defense Institute through Trend Micro’s Zero Day Initiative, it is due to the lack of proper validation prior to authentication.
“This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability.” reads the advisory published by ZDI. “The specific flaw exists within the ServerProtect console. The issue results from the lack of proper validation prior to authentication. An attacker can leverage this vulnerability to bypass authentication on the system.”
The vulnerability affects ServerProtect for Storage (SPFS) 6.0 for Windows, ServerProtect for EMC Celerra (SPEMC) 5.8, ServerProtect for Network Appliance Filers (SPNAF) 5.8, and Server Protect for Microsoft Windows / Novell Netware (SPNT) 5.8.
Trend Micro urges customers to update to the latest builds as soon as possible.
(SecurityAffairs – hacking, Trend Micro)