Trend Micro has addressed several vulnerabilities in its InterScan Messaging Security product, including some that can have serious consequences.
InterScan Messaging Security is an email and collaboration security product that protects against spam, phishing, and advanced attacks. The product offers a hybrid SaaS delivery option that combines a virtual gateway appliance with a pre-filter to block spam and threats.
Researchers at SEC Consult, a cybersecurity consultancy, found that the InterScan Messaging Security Virtual Appliance (IMSVA) is affected by eight classes of security problems.
The list includes the following: Cross-Site Request Forgery (CSRF), XML External Entity (XXE) injection, overprivileged users and services, Server Side Request Forgery (SSRF), local file disclosure, weak password storage, and outdated software components.
One of the most serious vulnerabilities is CVE-2020-27016, a high-risk CSRF issue that can be used to change product policy rules. SEC Consult believes that an attacker could use it to bypass malware scans or to forward email to a host under their control.
However, to exploit this vulnerability, an attacker must convince an authenticated administrator to open a malicious website.
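The CSRF issue above works because the browser of a logged-in administrator attaches the session cookie to any request, including one triggered from an attacker's page. The usual defence is to tie state-changing requests to a per-session anti-CSRF token (and, as a second layer, to check the Origin header). The following is an added example written for this article, not code from IMSVA or from SEC Consult; the session ids, the policy-update handler and the allowed origin are constructed assumptions for illustration.

```python
import hmac
import secrets


class CsrfGuard:
    """Issues and verifies per-session anti-CSRF tokens.

    The token is unguessable (secrets module) and bound to one session,
    so a page on another site cannot know it and cannot forge a request
    that carries it, even though the browser still attaches the cookie.
    """

    def __init__(self):
        self._tokens = {}  # session_id -> token (in-memory store for the example)

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def check(self, session_id, submitted_token, origin, allowed_origin):
        expected = self._tokens.get(session_id)
        if expected is None or submitted_token is None:
            return False
        # Constant-time compare so timing does not leak the token.
        if not hmac.compare_digest(expected, submitted_token):
            return False
        # Browsers send Origin on cross-site POSTs; a forged request from
        # the attacker's page carries the attacker's origin, not ours.
        if origin is not None and origin != allowed_origin:
            return False
        return True


# Hypothetical admin origin for this example.
ALLOWED_ORIGIN = "https://imsva-admin.example.internal"


def handle_policy_update(guard, session_id, form, headers):
    """Apply a policy-rule change only when the CSRF checks pass.

    `form` is the submitted form fields and `headers` the request headers;
    both are plain dicts here to keep the example framework-independent.
    Returns (status_code, message).
    """
    if not guard.check(session_id, form.get("csrf_token"),
                       headers.get("Origin"), ALLOWED_ORIGIN):
        return 403, "rejected: missing or invalid CSRF token / bad origin"
    rule = form.get("rule", "")
    return 200, f"policy rule updated: {rule}"


if __name__ == "__main__":
    guard = CsrfGuard()
    token = guard.issue("admin-session-1")
    # Legitimate request from the admin UI, carrying the token.
    print(handle_policy_update(guard, "admin-session-1",
                               {"csrf_token": token, "rule": "scan-all"},
                               {"Origin": ALLOWED_ORIGIN}))
    # Forged cross-site request: cookie present, token unknown to the attacker.
    print(handle_policy_update(guard, "admin-session-1",
                               {"rule": "skip-malware-scan"},
                               {"Origin": "https://attacker.example"}))
```

The token store is kept in memory only to make the example self-contained; a real deployment would keep it in the server-side session and also set the session cookie with `SameSite=Lax` or `Strict` so that cross-site form posts do not carry it at all.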
SEC Consult has also discovered a high-risk XXE vulnerability, tracked as CVE-2020-27017, which can be used to read arbitrary local files. Although exploitation requires administrative privileges, an attacker could obtain them by chaining this issue with the CSRF flaw.
The remaining security holes are of medium or low severity. One of them could give an attacker access to files that should only be readable by highly privileged users. Chained with the XXE flaw, it allows reading files normally accessible only to the root user, such as /etc/shadow, which contains user account information. Other, less serious problems may disclose confidential information.
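An XXE flaw such as the one described above arises when an XML parser that resolves external entities is fed attacker-controlled input, so a `SYSTEM` entity pointing at a local path gets expanded with that file's contents. A simple hardening that does not depend on parser features is to refuse any untrusted document that declares a DOCTYPE or entity at all, since application data files almost never need them. This is an added example written for this article, not IMSVA code; the sample policy document and the rejected payload are constructed, and the file path in the payload is a placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Any DOCTYPE or ENTITY declaration is a red flag in application data:
# that is where external entity definitions live.
_DTD_MARKER = re.compile(rb"<!\s*(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXmlError(ValueError):
    """Raised when untrusted XML carries a DTD/entity declaration."""


def parse_untrusted_xml(data: bytes):
    """Parse XML from an untrusted source, rejecting DTD constructs up front.

    Returns the root Element on success; raises UnsafeXmlError for documents
    that declare a DOCTYPE or ENTITY, and ET.ParseError for malformed XML.
    """
    if _DTD_MARKER.search(data):
        raise UnsafeXmlError("DOCTYPE/ENTITY declarations are not accepted from untrusted input")
    return ET.fromstring(data)


def xml_is_accepted(data: bytes) -> bool:
    """Convenience wrapper: True if the document passes the guard and parses."""
    try:
        parse_untrusted_xml(data)
        return True
    except (UnsafeXmlError, ET.ParseError):
        return False


# Constructed sample input: a benign policy document of the kind an admin
# interface might import.
BENIGN_POLICY = b"""<?xml version="1.0"?>
<policy name="default">
  <rule action="scan" target="attachments"/>
</policy>"""

# Constructed sample input resembling an XXE attempt; the path is a placeholder.
XXE_ATTEMPT = b"""<?xml version="1.0"?>
<!DOCTYPE policy [ <!ENTITY ext SYSTEM "file:///path/to/sensitive-file"> ]>
<policy name="&ext;"/>"""


if __name__ == "__main__":
    root = parse_untrusted_xml(BENIGN_POLICY)
    print("accepted:", root.tag, root.attrib)
    print("xxe attempt accepted?", xml_is_accepted(XXE_ATTEMPT))
```

Rejecting DTDs outright is coarser than disabling entity resolution in the parser, but it is parser-independent and also stops the related "billion laughs" entity-expansion denial of service; if the application genuinely needs DTDs, the alternative is a parser configured with external entity resolution switched off.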
Some vulnerabilities require administrator rights or an active login (e.g. for CSRF). A standard user account is sufficient to exploit the SSRF and file disclosure vulnerabilities. The information disclosure vulnerabilities can be exploited without prior authentication, and potentially sensitive data such as important documents can be obtained, SEC Consult told SecurityWeek.
SEC Consult reported the vulnerabilities to Trend Micro at the end of April and on April 9. Patches were released in October; however, Trend Micro did not issue the security bulletin until September 4 and November.
"We are aware of the weaknesses found in the IMSVA product and thank SEC Consult for its responsible disclosure and close cooperation. We've released a critical patch that fixes these vulnerabilities and encourage customers to make sure their products are updated to the latest version," Trend Micro said in an email to SecurityWeek.