Sign In with your
Trend Micro Account
需要協助?
需要協助?

若您需要技術支援,請 按此建立案件。

安全性公告: 趨勢科技Deep Security與Vulnerability Protection上的XXE弱點

    • 更新於:
    • 12 Sep 2019
    • 產品/版本:
    • Deep Security 11.All
    • Vulnerability Protection 2.0
    • 作業系統:
    • VMware ESX 4.0
    • VMware ESX 4.1
    • VMware ESX 5.0
    • VMware ESXi 4.0
    • VMware ESXi 4.1
    • VMware ESXi 5.0
    • VMware ESXi 5.1
    • VMware ESXi 5.5
    • VMware ESXi 6.0
    • VMware ESXi 6.5
    • VMware ESXi 6.7
    • VMware vCenter 5.0
    • VMware vCenter 5.5
    • VMware vSphere 5.1
    • VMware vSphere 5.5
概要
發布日期: September 11, 2019
CVE 編號: CVE-2019-9488
作業系統: All
CVSS v3 分數: 6.8 
嚴重程度: Medium

趨勢科技已經釋出Deep Security以及Vulnerability Protection相對應的更新程式,此更新程式可修正舊版本中關於XML External Entitiy (XXE) 攻擊的弱點。

詳情
Public

受影響版本

產品版本作業系統語言
Deep SecurityVersion 11.xAllEnglish
Version 10.xAllEnglish
Vulnerability ProtectionVersion 2.0AllEnglish

解決方案

趨勢科技已經發布更新程式以解決此弱點:

產品更新後版本說明作業系統可供下載日期
Deep SecurityVersion 11.3 U1*DSM ReadmeAllNow
Version 11.0 U8*DSM ReadmeAllNow
Version 10.0 U20*DSM ReadmeAllNow
Vulnerability ProtectionVersion 2.0.8451ReadmeAllNow

*以上修正程式是解決本文所提及的諸項弱點之最低要求的版本,若後續有發表更新的產品更新或修正,我們也建議您安裝新推出的版本。

用戶可至趨勢科技的下載中心查看並獲取產品所需的相關更新檔案。(如Service Pack等)。

弱點詳情

本更新程式可修正Deep Security與Vulnerability Protection產品中的下列弱點:

  1. CVE-2019-9488 (CVSSv3 6.8 - AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N):  Affected versions of Trend Micro Deep Security Manager and Vulnerability Protection are vulnerable to a XML External Entity Attack.  However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).

    Due to the seriousness of this and any vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.

    In addition to the vulnerability discovered and addressed above, another potential issue was reported and is being given a Defense in Depth (DiD) credit:

  2. *Defense in Depth (DiD) Credit: It was reported that affected versions of Trend Micro Deep Security do not have integrity checking of deployed agent files to protect against potential tampering.  Fortunately, Trend Micro Deep Security on Windows has an Agent Self-Protection mechanism to protect against the modification of agent files.  More information can be found at the Deep Security Help Center: Enable or disable agent self-protection section.

    緩解要素

    以上攻擊方式通常需要透過存取具弱點的主機(實體或遠端)來達成。除了維持主機保持更新外,我們也建議用戶定期檢查重要系統中的安全性原則與存取紀錄等,並讓主機處於最新的狀態。

    然而,儘管一個完整的攻擊需要許多特定的條件配合達來完成,趨勢科技仍然強烈建議用戶盡早安裝此更新。

    致謝

    趨勢科技感謝以下人員與趨勢科技一同針對本弱點揭露與分析所作出的貢獻:

    • Boyd Ansems and Frank Cozijnsen of the KPN REDteam

    其它參考

    • CVE-2019-9488
Premium
Internal
Partner
評價:
分類:
配置; 疑難解答; 安裝; 佈署; 更新
解決方案ID:
1122900
評定這個解決方案
本文是否幫助解決您的問題?

感謝您的意見!

請留下您的Email方便進一步的聯繫,協助我們改進文章內容:
我們不會透過以上Email寄送任何可能騷擾您的垃圾信.

本意見調查系統為自動運作,將不會回覆如銷售、技術、產品等一般問題.

若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.