CVE-2017-14083 - A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can ac

CVE-2017-14083

Summary

A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.

References

Vulnerable Configurations

cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

d2sec via4

name	Trend Micro OfficeScan 11.0/XG Encryption Key Disclosure
url	http://www.d2sec.com/exploits/trend_micro_officescan_11.0_xg_encryption_key_disclosure.html

refmap via4

bid	101076
bugtraq	20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)
confirm	https://success.trendmicro.com/solution/1118372
exploit-db	42889
fulldisc	20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083
misc	http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html
sectrack	1039500

Last major update

03-10-2019 - 00:03

Published

06-10-2017 - 01:29

Last modified

03-10-2019 - 00:03