Trend Micro security bulletin

Number: AV18-035
Date: 23 February 2018

Purpose

The purpose of this advisory is to bring attention to a Trend Micro security bulletin.

Assessment

Trend Micro has released a security bulletin to address multiple vulnerabilities in their Email Encryption Gateway 5.5. Exploitation of these vulnerabilities could allow a remote unauthenticated user to gain permission as root on the device.

Affected versions;
Email Encryption Gateway Version 5.5 Build 1111 and below

CVE References: CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224 , CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230

Suggested action

CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References

https://success.trendmicro.com/solution/1119349-security-bulletin-trend-micro-email-encryption-gateway-5-5-multiple-vulnerabilities/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6229