Vulnerabilities Identified by Cisco’s Talos Unit in Trend Micro Home Network Security Devices

Cisco

Vulnerabilities in Trend Micro Home Network Security systems discovered by security researchers with Cisco’s Talos unit may be exploited to elevate privileges or achieve arbitrary authentication.

Users can track and secure their networks with the Home Network Security station, which includes vulnerability scanning, intrusion prevention, threat protection, and device-based access control.

Three security flaws were discovered in these devices, including two stack buffer overflows with CVSS scores of 7.8 (CVE-2021-32457 and CVE-2021-32458) and one CVSS score of 4.9 for a hardcoded password question (CVE-2021-32459).

The first two flaws are ioctl stack-based buffer overflows, which an attacker might take advantage of by sending specially designed ioctl requests. Both vulnerabilities result in privilege escalation, but the attacker must first be able to execute low-privileged code on the computer.

Researchers from Talos also discovered a hardcoded password weakness in Trend Micro Home Network Security’s log collection server feature, which could be exploited for arbitrary authentication by sending a specially designed network request.

The fact that an attacker must first obtain the ability to execute high-privileged code on the compromised computer before being able to exploit the flaw is a mitigating factor.

“At this time, Trend Micro has received no reports of actual attacks against the affected product due to this vulnerability,” the company says.

SEE ALSO:
Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes

Versions 6.6.604 and earlier of Trend Micro Home Network Security are affected. Trend Micro has already released software updates to correct the bugs, which should be available via the automatic firmware update process on compatible devices.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
tips-why-get-cyber-security-degre (1) (2)

Top 3 Security Risks to Be Aware Of While Running an Ecommerce Business

Next Post
Computer forensics

How to Become a Digital Forensics Professional

Related Posts