CVE-2017-11380

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.8%

top 25.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Deep Discovery Director Trendmicro Deep Discovery Director

Timeline

PublishedAug 1

Latest updateMay 17

Description

Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/deep_discovery_director1.1

▶CVEListV5trend_micro,_inc./trend_micro_deep_discovery_director1.1

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-4h8h-qwqc-fv94: Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all v↗2022-05-17

▶

CVEList

CVE-2017-11380: Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all v↗2017-08-01

▶