A vulnerability was found in Trend Micro Deep Security 10.x/11.x/12.x. It has been rated as critical. This issue affects an unknown code block of the component LDAP Authentication. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.

The weakness was released 08/27/2020 (Website). The advisory is shared at success.trendmicro.com. The identification of this vulnerability is CVE-2020-15601 since 07/07/2020. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/28/2020).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at 160362 and 160409.

Productinfo

Vendor

• Trend Micro

Name

• Deep Security

Version

• 10.x
• 11.x
• 12.x

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion