CPSEC-496: Cradlepoint Secure Threat Management (CPSTM) Vulnerable to Trend Micro Network Security Vulnerabilities
2021-06-22 22:24:57
SUMMARY:
Cradlepoint Secure Threat Management (CPSTM) leverages Trend Micro’s Deep Packet Inspection (DPI) solution and is affected by publicly disclosed privilege escalation vulnerabilities. For the vulnerabilities to be exploitable, CPSTM would have to be enabled on the endpoint and a threat actor would have to have already authenticated as an administrator in NCOS, and would therefore already hold the privileges that exploitation of the vulnerabilities seeks to obtain.
Products Affected: Cradlepoint Enterprise, Branch and Mobile endpoints running NCOS 7.21.60 or earlier with CPSTM enabled
Recommendation: Regularly upgrade to the latest release of NCOS and ensure your Cradlepoint endpoint is physically secured.
NCOS Patched Version: 7.21.70+
Related CVEs: CVE-2021-32457, CVE-2021-32458, CVE-2021-32458