CVE-2003-1341 - The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers

CVE-2003-1341

Summary

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.

References

Vulnerable Configurations

cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*
cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-16

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	6616
confirm	http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353
osvdb	6181
secunia	7881
vulnwatch	20030114 Assorted Trend Vulns Rev 2.0
xf	officescan-cgichkmasterpwd-auth-bypass(11059)

Last major update

29-07-2017 - 01:29

Published

31-12-2003 - 05:00

Last modified

29-07-2017 - 01:29