CVE-2017-14085

moderate-risk
Published 2017-10-06

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.

Do I need to act?

!
12.4% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
42893
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Trendmicro

References (16)

Exploit http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-...
Exploit http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-I...
Mailing List http://seclists.org/fulldisclosure/2017/Sep/85
http://www.securityfocus.com/archive/1/541281/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/101076
Third Party Advisory http://www.securitytracker.com/id/1039500
Patch https://success.trendmicro.com/solution/1118372
Exploit https://www.exploit-db.com/exploits/42893/
Exploit http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-...
Exploit http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-I...
Mailing List http://seclists.org/fulldisclosure/2017/Sep/85
http://www.securityfocus.com/archive/1/541281/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/101076
Third Party Advisory http://www.securitytracker.com/id/1039500
Patch https://success.trendmicro.com/solution/1118372
Exploit https://www.exploit-db.com/exploits/42893/
47
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 19/34 · Moderate
Exposure 7/34 · Low