Matcha Daifuku's Diary

Links to articles on security and IT that caught my attention.

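SECURITY BULLETIN: Trend Micro Deep Security Manager and Vulnerability Protection Multiple Vulnerabilities: https://success.trendmicro.com/solution/000252039
Deep Security Manager 10/11/12 reportedly has a vulnerability in its integrity verification feature and a vulnerability where LDAP authentication is bypassed while multi-factor authentication is in use (SAML apparently unaffected).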


Release Date: August 19, 2020
CVE Identifier(s): CVE-2020-8602, CVE-2020-15601
Platform(s): Windows
CVSS 3.1 Score(s): 7.2 and 8.1
Severity Rating(s): High

Trend Micro has released new patches for Trend Micro Deep Security Manager and Trend Micro Vulnerability Protection. These patches resolve two security issues which, in certain circumstances, could impact the confidentiality, integrity and availability of the management console.

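| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Deep Security Manager* | Version 12.0 | Windows | English |
| Deep Security Manager* | Version 11.0 | Windows | English |
| Deep Security Manager* | Version 10.0 | Windows | English |
| Vulnerability Protection | Version 2.0 SP2 | Windows | English |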

Fixed versions

| PRODUCT | UPDATED VERSION | Update Date | PLATFORM | AVAILABILITY |
|---|---|---|---|---|
| Deep Security Manager | Version 12.0 U11 | August 19, 2020 | Windows | Now Available |
| Deep Security Manager | Version 11.0 U22 | July 15, 2020 | Windows | Now Available |
| Deep Security Manager | Version 10.0 U27 | August 7, 2020 | Windows | Now Available |
| Vulnerability Protection | Version 2.0 SP2 Patch7 CP5 | August 12, 2020 | Windows | Now Available |

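Deep Security Manager reportedly has a vulnerability in integrity verification and a vulnerability where LDAP authentication is bypassed while multi-factor authentication is in use (SAML apparently unaffected).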

Vulnerability Details

CVE-2020-8602: Deep Security Manager and Vulnerability Protection Integrity Verification Bypass

CVSSv3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
A vulnerability in the affected products' management console may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

CVE-2020-15601: Deep Security Manager and Vulnerability Protection LDAP Authentication Bypass

CVSSv3.1: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
If LDAP authentication is enabled, an unauthenticated attacker with prior knowledge of the targeted organization may be able to bypass manager authentication.
Enabling multi-factor authentication prevents this attack.
Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.