CVE-2008-3866 — Improper Authentication in Micro Internet Security 2008

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 65.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Internet Security 2008 Trend Micro Officescan

Timeline

PublishedJan 21

Latest updateMay 2

Description

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDtrend_micro/internet_security_200817.0.1224

▶NVDtrend_micro/officescan8.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2r3-54rp-h7wx: The Trend Micro Personal Firewall service (aka TmPfw↗2022-05-02

▶

CVEList

CVE-2008-3866: The Trend Micro Personal Firewall service (aka TmPfw↗2009-01-21

▶