Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1341 — Micro Officescan vulnerability

CWE-164 documents4 sources

Severity

7.5HIGHNVD

EPSS

7.0%

top 8.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Officescan Trend Micro Virus Buster

Timeline

PublishedDec 31

Latest updateApr 29

Description

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDtrend_micro/officescan6 versions+5

▶NVDtrend_micro/virus_buster3.52, 3.53, 3.54+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fx79-25g4-6rfm: The default installation of Trend Micro OfficeScan 3↗2022-04-29

▶

CVEList

CVE-2003-1341: The default installation of Trend Micro OfficeScan 3↗2007-10-14

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro OfficeScan 3.x - CGI Directory Insufficient Permissions↗2003-01-15

▶