Hacking

Dozen vulnerabilities discovered in Trend Micro Linux-based Email Encryption Gateway

Security researchers at Core Security have discovered a dozen vulnerabilities in Trend Micro  Linux-based Email Encryption Gateway.

Security researchers at Core Security have discovered a dozen flaws in Trend Micro  Linux-based Email Encryption Gateway, some of them have been rated as critical and high severity. The flaws received the CVE identification numbers CVE-2018-6219 through CVE-2018-6230.

The most severe flaw could be exploited by a local or remote attacker with access to the targeted system to execute arbitrary commands with root privileges.

“Encryption for Email Gateway [1] is a Linux-based software solution providing the ability to perform the encryption and decryption of email at the corporate gateway, regardless of the email client, and the platform from which it originated. The encryption and decryption of email on the TMEEG client is controlled by a Policy Manager that enables an administrator to configure policies based on various parameters, such as sender and recipient email addresses,” states Core Security.

“Multiple vulnerabilities were found in the Trend Micro Email Encryption Gateway web console that would allow a remote unauthenticated attacker to gain command execution as root.”

The most serious vulnerability is CVE-2018-6223, it is related to missing authentication for appliance registration. Administrators can configure the virtual appliance running Email Encryption Gateway during the deployment process upon deployment via a registration endpoint.

The researchers discovered that attackers can access the endpoint without authentication to set administrator credentials and make other changes to the configuration.

“The registration endpoint is provided for system administrators to configure the virtual appliance upon deployment. However, this endpoint remains accessible without authentication even after the appliance is configured, which would allow attackers to set configuration parameters such as the administrator username and password.” continues the analysis.

The experts also discovered two high severity cross-site scripting (XSS) vulnerabilities, an arbitrary file write issue that can lead to command execution, am arbitrary log file locations leading command execution, and unvalidated software updates.

Remaining flaws discovered by the researchers include SQL and XML external entity (XXE) injections.

Affected Packages are Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) and earlier, Trend Micro addressed ten of the vulnerabilities with the version 5.5 build 1129.

According to the report timeline, Trend Micro spent more than six months to issue the patches.

  • 2017-06-05: Core Security sent an initial notification to Trend Micro, including a draft advisory.
  • 2017-11-13: Core Security asked again (4th time) for an ETA for the official fix. We stated we need a release date or a thorough explanation on why after five months there is still no date defined. If there is no such answer we will be forced to publish the advisory.
  • 2018-02-21: Advisory CORE-2017-0006 published.

Trend Micro confirmed that a medium severity CSRF issue and a low severity SQL injection vulnerability have not been patched due to the difficulties of implementing a fix.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Trend Micro Email Encryption Gateway, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs…

19 hours ago

A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

A critical flaw in the LiteSpeed Cache plugin for WordPress could allow unauthenticated users to…

24 hours ago

Car rental company Avis discloses a data breach

Car rental giant Avis disclosed a data breach that impacted one of its business applications…

2 days ago

SonicWall warns that SonicOS bug exploited in attacks

Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the…

2 days ago

Apache fixed a new remote code execution flaw in Apache OFBiz

Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning…

2 days ago

Russia-linked GRU Unit 29155 targeted critical infrastructure globally

The United States and its allies state that Russia-linked threat actors operating under the GRU…

2 days ago

This website uses cookies.