Vulnerabilities > CVE-2003-1341 - Configuration vulnerability in Trend Micro Officescan and Virus Buster

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

trend-micro

CWE-16

exploit available

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.

Vulnerable Configurations

Part	Description	Count
Application	Trend_Micro Trend Micro Officescan 3.0 Trend Micro Officescan 3.1.1 Trend Micro Officescan 3.5 Trend Micro Officescan 3.11 Trend Micro Officescan 3.13 Trend Micro Officescan 3.54 Trend Micro Virus Buster 3.52 Trend Micro Virus Buster 3.53 Trend Micro Virus Buster 3.54	13

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Exploit-Db

description	Trend Micro OfficeScan 3.x CGI Directory Insufficient Permissions Vulnerability. CVE-2003-1341. Remote exploit for windows platform
id	EDB-ID:22171
last seen	2016-02-02
modified	2003-01-15
published	2003-01-15
reporter	Rod Boron
source	https://www.exploit-db.com/download/22171/
title	Trend Micro OfficeScan 3.x CGI Directory Insufficient Permissions Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References