CVE-2020-15601

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this attack. Installations using manager native authentication or SAML authentication are not impacted by this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
trendmicrodeep_security_manager
10.0
trendmicrodeep_security_manager
11.0
trendmicrodeep_security_manager
12.0
trendmicrovulnerability_protection
2.0:sp2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/solution/000252039
https://www.zerodayinitiative.com/advisories/ZDI-20-1077/
https://success.trendmicro.com/solution/000252039
https://www.zerodayinitiative.com/advisories/ZDI-20-1077/