¡¾Îó²îͨ¸æ¡¿Trend Micro ServerProtect Éí·ÝÑéÖ¤ÈÆ¹ýÎó²î (CVE-2021-36745£©

Ðû²¼Ê±¼ä 2021-09-28


0x00 Îó²î¸ÅÊö

CVE     ID

CVE-2021-36745

ʱ      ¼ä

2021-09-24

Àà      ÐÍ

Éí·ÝÑéÖ¤ÈÆ¹ý

µÈ      ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£


¹¥»÷ÖØÆ¯ºó

µÍ

¿ÉÓÃÐÔ

¸ß

Óû§½»»¥

ÎÞ

ËùÐèȨÏÞ

ÎÞ

PoC/EXP


ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

image.png

Trend Micro? ServerProtectÊÇÇ÷ÊÆ¿Æ¼¼µÄÒ»¿îÆóÒµ¼¶·´²¡¶¾³ÌÐò¡£¡£ ¡£

2021Äê9ÔÂ24ÈÕ£¬£¬£¬£¬ £¬£¬£¬ Ç÷ÊÆ¿Æ¼¼Ðû²¼Ç徲ͨ¸æ£¬£¬£¬£¬ £¬£¬£¬ÐÞ¸´ÁËServerProtect£¨·À¶¾Ç½Ð§ÀÍÆ÷°æ£©ÖеÄÒ»¸öÉí·ÝÑéÖ¤ÈÆ¹ýÎó²î£¨CVE-2021-36745£©£¬£¬£¬£¬ £¬£¬£¬ÆäCVSSv3ÆÀ·ÖΪ9.8¡£¡£ ¡£

¸ÃÎó²î±£´æÓÚServerProtect¿ØÖÆÌ¨ÖУ¬£¬£¬£¬ £¬£¬£¬ÓÉÓÚȱ·¦Êʵ±µÄÑéÖ¤£¬£¬£¬£¬ £¬£¬£¬Ô¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃËüÈÆ¹ýÊÜÓ°ÏìµÄ Trend Micro ServerProtect ×°ÖõÄÉí·ÝÑéÖ¤¡£¡£ ¡£

Ó°Ïì¹æÄ£

ServerProtect for Storage (SPFS) 6.0

ServerProtect for EMC Celerra (SPEMC) 5.8

ServerProtect for Network Appliance Filers (SPNAF) 5.8

ServerProtect for Microsoft Windows / Novell Netware (SPNT) 5.8

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚ´ËÎó²îÒѾ­ÐÞ¸´£¬£¬£¬£¬ £¬£¬£¬½¨ÒéÊÜÓ°ÏìµÄÓû§ÊµÊ±Éý¼¶¸üе½ÒÔϰ汾£º

ServerProtect for Storage (SPFS) 6.0 CP1284

ServerProtect for EMC Celerra (SPEMC) 5.8 CP1577

ServerProtect for Network Appliance Filers (SPNAF) 5.8 CP1299

ServerProtect for Microsoft Windows / Novell Netware (SPNT) 5.8 CP1575

ÏÂÔØÁ´½Ó£º

https://success.trendmicro.com/solution/000289038

 

0x03 ²Î¿¼Á´½Ó

https://success.trendmicro.com/solution/000289038

https://www.zerodayinitiative.com/advisories/ZDI-21-1115/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-CVE-2021-36745

 

0x04 ¸üа汾

°æ±¾

ÈÕÆÚ

ÐÞ¸ÄÄÚÈÝ

V1.0

2021-09-28

Ê×´ÎÐû²¼

 

0x05 Îĵµ¸½Â¼

CNVD£ºwww.cnvd.org.cn

CNNVD£ºwww.cnnvd.org.cn

CVE£ºcve.mitre.org

CVSS£ºwww.first.org

NVD£ºnvd.nist.gov

 

0x06 ¹ØÓÚ¼øºÚµ£±£Íø

¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬ £¬£¬£¬»ñÈ¡¸ü¶à×ÊѶ£º

image.png