CVE-2022-25331

7.5 HIGH

📋 TL;DR

CVE-2022-25331 is a denial-of-service vulnerability in Trend Micro ServerProtection Information Server where uncaught exceptions allow remote attackers to crash the process. This affects organizations running vulnerable versions of Trend Micro ServerProtection. The vulnerability requires network access to the Information Server component.

💻 Affected Systems

Products:
  • Trend Micro ServerProtection
Versions: 6.0 and 5.8
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Information Server component specifically. Requires network access to the vulnerable service.


⚠️ Risk & Real-World Impact

🔴 Worst Case: A remote, unauthenticated attacker causes complete service disruption of the Information Server component, potentially affecting security monitoring and management capabilities.

🟠 Likely Case: Service disruption of the Information Server, requiring a manual restart of the affected component.

🟢 If Mitigated: Minimal impact if proper network segmentation and access controls prevent unauthorized access to the Information Server.

🌐 Internet-Facing: HIGH if the Information Server is exposed to the internet without proper controls, since the exploit is unauthenticated.
🏢 Internal Only: MEDIUM, since internal attackers could disrupt security management functions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Tenable research indicates the vulnerability is remotely exploitable without authentication. No public exploit code has been observed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply hotfix as specified in Trend Micro advisory

Vendor Advisory: https://success.trendmicro.com/solution/000290507

Restart Required: Yes

Instructions:

1. Download the hotfix from the Trend Micro support portal.
2. Stop the Information Server service.
3. Apply the hotfix.
4. Restart the Information Server service.
5. Verify the service is running correctly.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to the Information Server to only authorized management systems.

Firewall Rules (applies to: all)

Implement firewall rules to block external access to the Information Server port.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Information Server
  • Monitor for service crashes and implement automated restart procedures

🔍 How to Verify

Check if Vulnerable:

Check whether the Trend Micro ServerProtection 6.0 or 5.8 Information Server component is running.

Check Version:

Check the Trend Micro ServerProtection management console for version information.

Verify Fix Applied:

Verify that the hotfix is applied by checking the version information in the Trend Micro console or by contacting support.

📡 Detection & Monitoring

Log Indicators:

  • Information Server service crash events
  • Unexpected service termination logs

Network Indicators:

  • Unusual traffic patterns to Information Server port
  • Multiple connection attempts followed by service unavailability

SIEM Query:

source="trendmicro" AND (event_type="service_crash" OR event_type="unhandled_exception") AND component="Information Server"
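The log indicators above and the "monitor for service crashes and implement automated restart procedures" workaround can be combined on the host itself. The following PowerShell script is an added example, not code from Trend Micro or from this page: it queries the Windows System log for Service Control Manager events 7031/7034 (service terminated unexpectedly) mentioning the Information Server service and starts the service if it is down. The service display name is a placeholder and must be replaced with the name shown in services.msc; the 24-hour lookback window is an assumption.

```powershell
# Added example (not from the Trend Micro advisory or this page): look for
# unexpected terminations of the Information Server service in the Windows
# System log and, if found, start it again. ASSUMPTION: the display name
# below is a placeholder; replace it with the real name from services.msc.
$ServiceDisplayName = 'INFORMATION_SERVER_DISPLAY_NAME_PLACEHOLDER'
$LookbackHours      = 24   # assumed window; tune to your monitoring interval

# Service Control Manager logs 7034 when a service terminates unexpectedly,
# and 7031 when it does so and a recovery action is configured.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = (Get-Date).AddHours(-$LookbackHours)
}

# -ErrorAction SilentlyContinue suppresses the "No events were found" error.
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$ServiceDisplayName*" }

if (-not $crashes) {
    Write-Output "No unexpected terminations of '$ServiceDisplayName' in the last $LookbackHours h."
    return
}

# Repeated crashes in a short window match the page's network indicator
# (multiple connection attempts followed by service unavailability).
$crashes | Sort-Object TimeCreated | ForEach-Object {
    Write-Output ("{0:u}  EventId={1}" -f $_.TimeCreated, $_.Id)
}
Write-Warning ("{0} crash event(s) for '{1}'; review traffic to the service port." -f
    @($crashes).Count, $ServiceDisplayName)

# Automated restart, as the workaround suggests; skip if the service is already up.
$svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "Service '$ServiceDisplayName' not found; check the display name."
} elseif ($svc.Status -ne 'Running') {
    Start-Service -Name $svc.Name
    Write-Output "Started '$ServiceDisplayName' (previous state: $($svc.Status))."
} else {
    Write-Output "'$ServiceDisplayName' is currently running."
}
```

Run it from a scheduled task with an account that can read the System log and control the service; the event lines it prints are the same crash events the SIEM query above expects to receive from the host.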
