CVE-2023-28005

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-28005
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://success.trendmicro.com/solution/000292473 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:trendmicro:trend_micro_endpoint_encryption:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

07 Nov 2023, 04:10

Type Values Removed Values Added
Summary A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone.

29 Mar 2023, 19:27

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:trend_micro_endpoint_encryption:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
References (MISC) https://success.trendmicro.com/solution/000292473 - (MISC) https://success.trendmicro.com/solution/000292473 - Vendor Advisory
First Time Microsoft windows
Trendmicro
Microsoft
Trendmicro trend Micro Endpoint Encryption
CWE NVD-CWE-noinfo

22 Mar 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-22 06:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-28005

Mitre link : CVE-2023-28005

CVE.ORG link : CVE-2023-28005

JSON object : View

Products Affected

microsoft

  • windows

trendmicro

  • trend_micro_endpoint_encryption
CWE
NVD-CWE-noinfo