Cybersecurity specialists reported finding at least three security flaws in Vulnerability Protection, a solution developed by Trend Micro for faster and more robust endpoint protection as a complement to antivirus and antimalware security solutions. According to the reports, successful exploitation of these vulnerabilities would allow threat actors to bypass security mechanisms and execute malicious code, among other malicious activities.
Below are brief descriptions of some of the reported flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-8602: This flaw exists due to insufficient verification of data authenticity in the management console of the affected application. Experts mention that a remote threat actor could bypass some of the file integrity checks to execute arbitrary code on the compromised system.
This flaw received a score of 6.2/10 on the CVSS scale, so specialists consider this to be a low security risk.
CVE-2020-15601: This vulnerability exists due to a problem in processing authentication requests when the LDAP mechanism is enabled. Remote threat actors could bypass authentication and gain access to restricted resources on the vulnerable system.
Cybersecurity specialists mention that this is a high-severity flaw that received a score of 7.1/10.
CVE-2020-15605: An error processing authentication requests within the Vulnerability Protection console allows threat actors to bypass the authentication mechanism and gain unauthorized access, as long as the LDAP mechanism is enabled.
The flaw received a score of 7.1/10, so it is considered a high security risk.
According to the report, these three vulnerabilities are present in Vulnerability Protection version 2.0 SP2.
While the vulnerabilities could be exploited remotely by unauthenticated threat actors, experts have not yet detected attempts at active exploitation or any malware capable of triggering these attacks. Trend Micro has already released the corresponding security patches, so users of affected deployments are advised to update as soon as possible.