CVE-2022-25329

EPSS 2.6%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Feb 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions.

Affected products

Trend Micro · Trend Micro ServerProtect for EMC Celerra Trend Micro · Trend Micro ServerProtect for Microsoft Windows / Novell NetWare Trend Micro · Trend Micro ServerProtect for Network Appliance Filers Trend Micro · Trend Micro ServerProtect for Storage

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://success.trendmicro.com/solution/000290507 https://www.tenable.com/security/research/tra-2022-05