Vulnerability Description
A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Trend Micro Endpoint Encryption | <= 6.0.0.3204 |
| Microsoft | Windows | - |
References
- https://success.trendmicro.com/solution/000292473Vendor Advisory
- https://success.trendmicro.com/solution/000292473Vendor Advisory
FAQ
What is CVE-2023-28005?
CVE-2023-28005 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows� Sec...
How severe is CVE-2023-28005?
CVE-2023-28005 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28005?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Trend Micro Endpoint Encryption, Microsoft Windows.