CVE-2017-6398

high-risk
Published 2017-03-14

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.

Do I need to act?

!
64.6% chance of exploitation in next 30 days
EPSS score — higher than 35% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Trendmicro

References (4)

http://www.securityfocus.com/bid/96859
Third Party Advisory https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec
http://www.securityfocus.com/bid/96859
Third Party Advisory https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec
54
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal