Trend Micro security bulletin

Number: AV18-035
Date: 23 February 2018

Purpose

The purpose of this advisory is to bring attention to a Trend Micro security bulletin.

Assessment

Trend Micro has released a security bulletin to address multiple vulnerabilities in their Email Encryption EncryptionConverting information from one form to another to hide its content and prevent unauthorized access. Gateway GatewayAn intermediate system that is the interface between two computer networks. A gateway can be a server, firewall, router, or other device that enables data to flow through a network. 5.5. Exploitation of these vulnerabilities could allow a remote unauthenticated user to gain permission as root on the device.

Affected versions;
Email Encryption Gateway Version 5.5 Build 1111 and below

CVE References: CVE-2018-6219, CVE-2018-6220, CVE-2018-6221, CVE-2018-6222, CVE-2018-6223, CVE-2018-6224 , CVE-2018-6225, CVE-2018-6226, CVE-2018-6227, CVE-2018-6228, CVE-2018-6229, CVE-2018-6230

Suggested action

CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References

https://success.trendmicro.com/solution/1119349-security-bulletin-trend-micro-email-encryption-gateway-5-5-multiple-vulnerabilities/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6229