Number: AV18-035
Date: 23 February 2018
Purpose
The purpose of this advisory is to bring attention to a Trend Micro security bulletin.
Assessment
Trend Micro has released a security bulletin to address multiple vulnerabilities in their Email Encryption Gateway 5.5. Exploitation of these vulnerabilities could allow a remote unauthenticated user to gain permission as root on the device.
Affected versions;
Email Encryption Gateway Version 5.5 Build 1111 and below
CVE References: CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224 , CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230
Suggested action
CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6229