CVE-2018-6220

CRITICAL

Trend Micro Email Encryption Gateway 5.5 - Arbitrary File Write

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6220. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a man-in-the-middle attack against Trend Micro Email Encryption Gateway's insecure update mechanism, allowing arbitrary file writes and root command execution via a malicious RPM file or cron job injection.

Description

An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · textwebappsjsp
https://www.exploit-db.com/exploits/44166

This exploit demonstrates a man-in-the-middle attack against Trend Micro Email Encryption Gateway's insecure update mechanism, allowing arbitrary file writes and root command execution via a malicious RPM file or cron job injection.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Trend Micro Email Encryption Gateway 5.5 (Build 1111.00)
No auth needed
Prerequisites: Man-in-the-middle position · Victim system initiating an update check
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44166/
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119349
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

Scores

CVSS v3 9.8
EPSS 0.1040
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (1)
trendmicro/email_encryption_gateway 5.5
Published Mar 15, 2018
Tracked Since Feb 18, 2026