Rewterz Threat Alert – BEC Scam Harvesting Data for Financial Crime
November 6, 2020Rewterz Threat Advisory – CVE-2020-27694 – Trend Micro InterScan Messaging Virtual Appliance
November 6, 2020Rewterz Threat Alert – BEC Scam Harvesting Data for Financial Crime
November 6, 2020Rewterz Threat Advisory – CVE-2020-27694 – Trend Micro InterScan Messaging Virtual Appliance
November 6, 2020Severity
High
Analysis Summary
CVE-2020-5644
The affected product has a memory corruption vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-5645
The affected product has a session fixation vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.
CVE-2020-5646
The affected product has a NULL pointer dereference vulnerability, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.
CVE-2020-5647
The affected product has an access control issue, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-5648
The affected product is vulnerable to an argument injection, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-5649
The affected product has a resource management issue, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition.
Impact
Denial of service
Affected Vendors
Mitsubishi Electric
Affected Products
GT14 model of GOT1000 Series
Remediation
Refer to ICS advsory for the complete list of affected products and their respective patches.