Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-25252 |
CWE-ID | CWE-400 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Apex One Client/Desktop applications / Antivirus software/Personal firewalls OfficeScan Client/Desktop applications / Antivirus software/Personal firewalls InterScan Web Security Virtual Appliance Server applications / Server solutions for antivurus protection Deep Security Client/Desktop applications / Software for system administration InterScan Messaging Security Virtual Appliance Server applications / DLP, anti-spam, sniffers |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU51109
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-25252
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) features. A remote attacker can pass specially crafted file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApex One: 2019 - Patch 3 b8378
OfficeScan: XG - XG SP1 CP B5427r1
InterScan Web Security Virtual Appliance: 6.5 - 6.5 SP2 Patch 4
Deep Security: before 20.0 LTS
InterScan Messaging Security Virtual Appliance: before 9.1 CP2034
External linkshttp://success.trendmicro.com/solution/000285675
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.