CVE-2007-3455 — Micro Officescan vulnerability

CWE-2643 documents3 sources

Severity

10.0CRITICALNVD

EPSS

3.9%

top 11.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan

Timeline

PublishedJun 27

Latest updateMay 1

Description

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDtrend_micro/officescan8.0

Patches

Patch: secunia.com ↗Patch: www.trendmicro.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-82hr-rgm4-3x6p: cgiChkMasterPwd↗2022-05-01

▶

CVEList

CVE-2007-3455: cgiChkMasterPwd↗2007-06-27

▶