Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6223

CWE-306 — Missing Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

5.2%

top 10.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Trend Micro Trend Micro Email Encryption Gateway Trendmicro Email Encryption Gateway

Timeline

PublishedMar 15

Latest updateMay 13

Description

A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/email_encryption_gateway5.5

▶CVEListV5trend_micro/trend_micro_email_encryption_gateway5.5

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrgc-j2hj-4qq8: A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5↗2022-05-13

▶

CVEList

CVE-2018-6223: A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5↗2018-03-15

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities↗2018-02-22

▶